Is Hardware Catching Up to Java?

In the past month, the development team I lead and I went through the same search for the appropriate language or SDK with which to write software destined to run on multicore systems (in my case, 8-core/32-thread processors from Raza Microelectronics as well as future Intel 8-core CPUs) as well as single-core systems.

So Nicholas Petreley’s article “Is Hardware Catching Up to Java?” in the November 2007 issue was of great interest, though in the end we came to different conclusions.

Nicholas picked Java because it has some multithreading support built in, though he admits that is far from being a slam dunk for issues related to garbage collection.

I don’t think GC's implementation is what is most important. I think what is most important is being able to write multithreaded software with as few bugs as single-threaded software. In my experience, once you get past the simple, large-scale pieces of the software that can be run on separate threads, you hit a wall. For example, it is usually easy in server software to run each client's requests in a different thread. That is easy because the number of places where two client threads interact, and the amount of data they share, is limited and well defined. (Well, if it isn't, it’s going to crash.)

But, how do you get beyond that and do things like running a for loop (in C or Java) in parallel and knowing the implementation is right, and will remain right, over the next five years as new software developers alter the rest of the software?

Java cannot help you there, not more than C, C++ or Python, because they all share something: shared state. In all these languages, the default is that data is shared. Any thread can write to anything to which it has a pointer. There is no guarantee beyond documentation and code reviews and the good intentions of future developers that the data your threads use isn’t changing in ways that will crash them.

My conclusion of my search was that the proper language for multicore software was a single-assignment language: Erlang or Haskell. In these languages, the default is that software cannot alter a value after it is assigned. Thus, data structures can be shared between threads without laying down rules about how it can be used or not used (locks, lock-free algorithms and so on). In these languages, the variables that act like normal Java or C variables are the exception, and are defined differently from the rest. In fact, in Haskell, they are extremely well marked—to the point that any function that accesses them (even to read) is marked as well.

In the end, we decided to develop in Haskell, using its C interface to connect it with our existing C code. I’ve previously worked with developers who swore by Erlang (and thought at the time that we were nuts to code in C++).

PS. You mentioned Python. Python (more precisely, the CPython interpreter, the one everyone uses and for which we have all the nice plugins and tools support) has an Achilles’ heel: the global interpreter lock (GIL). It may be multithreaded, and stackless Python is perfect for multithreaded server software. But, the GIL means the Python code cannot run on more than one core.


Nicolas Dade 


The Number 77 

I have known Dave Taylor for many, many years, having interacted with him at various USENIX conferences. His discussions of shell programming in his Work the Shell column are useful to all of us.

Unfortunately, he should have chosen another application area instead of numerology for his recent article in the 2008 January issue of Linux Journal. By writing such articles, even more people are led to believe that there is validity in traditional numerology. There isn’t.

Systematics (www.systematics.org) on the other hand, a discipline developed by John Bennett and others, asserts that numbers do, in fact, have “qualitative significance”. Instead of “associating numbers with letters”, Dave could have presented a shell script to, for example, enumerate the various “inner connections” within each of Systematics’ primary “systems” (monad, dyad, triad, tetrad, pentad and so forth).

Let's not encourage useless, unreal “disciplines” by publishing articles involving them. Rather, Linux Journal should focus on what is true and of value.

Kenneth Hood Jacker

Dave Taylor replies: Interesting...there are 17 letters in your name, and the letters sum up to 77. When I started programming, one of the languages I learned was Fortran 77. Coincidence? Maybe not. In any case, thanks for your note, Kenneth.


X Server Suckage 

I have an update on this [see Letters, LJ April 2008]. I finally got tired of the old notebook running out of memory and migrated to the new Lenovo. I’m getting by using mostly one workspace, with all the windows overlapping, which I hate apparently about as much as my wife hated the pannable virtual desktop. Having recently re-installed Linux on my home desktop (going from Red Hat 9 to Ubuntu 7.10), I got a taste of Compiz and all its fancy features. That made me wonder why on the Lenovo, Compiz wouldn't let me enable any visual effects.

It turns out this is yet another case of the Intel X server sucking. It seems under this X server, you can either have Xv accelerated video playback or Compiz. Ubuntu “solved” this problem by blacklisting the Intel X server. I found I could get around this blacklisting by adding SKIP_CHECKS=yes to /etc/xdg/compiz/compiz-manager, but the next time I tried to play a video file, I found I could not. There are workarounds, configuring the various video player apps to use something other than the default (Xv) for video output, but those result in slower or buggier (video always on top) behavior.

Some have suggested running the i810 X server rather than the newer Intel one, but when I tried that, X wouldn’t run at all.

Had I known how bad the X server support is for this video chipset, I would have blacklisted machines using it while shopping for a new notebook.

I'm still waiting for Xi to get the necessary programming info from Intel so they can produce an Intel X server that hopefully doesn’t suck.

As a side note, the ASUS Eee PC also uses a similar Intel video chipset and suffers all these same problems. I recently got an Eee at work, and that tiny screen just begs for a virtual/pannable desktop. Too bad it uses the Intel X server. Frequently, windows pop up that have to be moved (Alt-click-drag) partially off the screen to get to the buttons on them. These things aren't as big of a deal for me on the Eee, as I wanted it primarily as a router config terminal and “go anywhere” portable Internet terminal, and I knew before we ordered it that I wouldn't be happy with the screen. The Eee would be great if it was just a bit bigger (making the keyboard less cramped), had a bit more screen resolution and size and, of course, a non-Intel video chipset with an X server that doesn’t suck.


Jon Lewis 


More Business? 

In regard to the letter from Nick Couchman in the March 2008 LJ, “More Business Content, Please”, I agree with Nick to a point but must express that he may have missed the business side of some articles. Like he says, articles about LTSP for schools and such are great, but has he ever considered using it as a FREE (beer) connection broker for VDI? With XP licenses as the only pay-for product, I use LTSP to boot old machines with Etherboot or PXE into an rdesktop screen pointed at that person's XP virtual machine on VMware server. Linux all the way to the VM. I'd also like to call attention to Dave Richards’ blog (davelargo.blogspot.com). He has more than 500 thin clients deployed in the city of Largo, Florida. The whole city operation runs Linux, Evolution, OpenOffice.org—beautiful.

I would like to see more business-related articles, such as using Coraid’s AoE product in a VMware server or ESX environment. But, part of the fun is being able to read an LJ article and think “Hey! I can adapt that to my business.”


Chris Turner 


Help Him 

I am writing regarding the article in the March 2008 issue of LJ titled “Desktop Must-Haves” by Dan Sawyer.

First off, I want to say that the article was great and well written and quite lucid. I have no problems with anything that Mr Sawyer said in the article, and agree with many of his choices for good Linux desktop applications.

What I, personally, have had issues with in moving from my Mac OS X platform to Linux as a desktop is the Pro Audio realm. I have yet to see any program that replaces three or four of my “must have” applications. I am learning that there may be replacements out there, and if I can find one that suits my needs, I would replace my Mac with a nice Core Duo Intel box, most likely running Debian. The applications that I need to replace are Logic Express or another audio package like Adobe Audition 2 (Cool Edit) for multitrack recording and MegaSeg (which is a DJ software, www.megaseg.com). These are my biggest hold outs. I haven't been too keen on the iTunes replacement offerings, but admittedly have not looked at any of the projects since 2006.

My profession is Web development, and I do use *AMP. On Linux, I have found that the Bluefish Editor is my editor of choice and does most of what I need for the Web. I am also very open to using The GIMP or Krita, as Mr Sawyer pointed out, but the main reason I haven't switched is the lack of third-party plugin support for GIMP from the plugins I use all the time, namely Alien Skin Software. If they would write Xenofex for GIMP, I would be using it in a heartbeat. Yes, going from Photoshop to GIMP is a bit of a curve only because you have to learn what the authors of GIMP call your favorite tools. Once you are past that, you should be able to do everything in GIMP that you do in Photoshop (in my opinion) except for the aforementioned plugins, which to date I have not figured out how you could produce these effects without them. Also, the Layer Styles in Photoshop seem to be missing from open-source counterparts.

It would be nice to sell my Mac and go totally Linux (Debian for me), but I remain unconvinced that everything I do is covered, as of 2006 anyhow.


J. Mike Needham 


Don’t Slam Ada 

Dave Taylor, in his March 2008 
article “Understanding Shell Script 
Shorthand”, says that Ada makes it 
easy for programmers to abbreviate 
their code (“abbreviate their code to 
make it shorter”! Well, yes, Dave, so 
it would!) to the point of obfuscation. 


I've never (in 25 years) met an Ada 
programmer who thought it was 
clever, funny or macho to write code 
that’s hard to understand. Indeed, the 
designers of the language rejected 
“neat” constructs that might make 
code easier to write if it was felt that 
they would make code harder to read. 


Simon Wright 


Photo of the Month

Cory Wright of Natuba.com

Have a photo you'd like to share with LJ readers? Send your submission to publisher@linuxjournal.com. If we run it in the magazine, we'll send you a free T-shirt.

UP 


diff -u
WHAT'S NEW IN KERNEL DEVELOPMENT

Linux 0.01 is alive and well. Abdel Benamrouche recently ported the original Linux code from 1991 to GCC version 4. This is the sort of project people do because it’s fun and unusual—not because they expect there to be any practical application for it at all. Yet, as often as not, there is. When Cong Wang heard about Abdel’s work, his first thought was how useful it might be to university Computer Science departments teaching operating systems. With that thought, he immediately sent Abdel’s work to Cong’s own CS department. Where they go with it is anyone's guess.

The original Linux 0.01 required GCC 
1.40 or thereabouts, according to a linux- 
kernel post by Linus Torvalds in August 
2001, when Tristan Sloughter tried to 
get 0.01 running on his 386. A little later, 
in September 2001, Mikulas Patocka 
actually fixed a bug in the disk request 
sorting code of Linux 0.01. At the time, 
Linus offered Mikulas maintainership of 
the 0.01.xx kernel series, but Mikulas 
turned it down. Maybe Abdel will 
decide to take up the banner and 
maintain 0.01 himself. 

The kernel sources include a variety of shell scripts that each try to rely only on the default /bin/sh UNIX shell. Andreas Mohr recently discovered that one of these scripts actually relied on the bash shell, though it claimed to work on whatever the user used by default—that is, on /bin/sh. He ran into this problem when he tried to use the script on a system that used the bash shell by default. So, after doing some cleanup, he submitted a patch to remove all the bashisms from the script. It was not easy—there were a number of obscure bash features represented in the code. But, after some testing, comments from other kernel folks and revised patches, it did seem as though he’d managed to eliminate all the bashisms from the script. Adrian Bunk’s suggestion that it might be quicker simply to make the script rely on bash explicitly was ignored in favor of the much more fun project of delving into shell arcana.

Apparently, too many people have started using the new ext4 filesystem. This code is not yet ready for widespread consumption, but it’s been in the main kernel source tree for a while already to encourage experimentation. And, folks have been experimenting! Unfortunately, not everyone who's been using it has been aware that it was not fully ready. Adrian Bunk recently reported seeing users trying it out without considering the consequences, just because it was there in the kernel already. To deal with this, he proposed a patch, making ext4 dependent on the BROKEN configuration option. To compile the filesystem, users would have to edit the config files by hand to remove that dependency.

There have been various objections to this, including from folks like Alan Cox, who accused Adrian of meddling too deeply in kernel configuration culture. There is a lot of resistance to making ext4 harder to use, precisely because the ext4 developers very strongly want lots of people to test it. And, as they tend to be kernel “insiders” like Alan, they can get an experimental filesystem into the main kernel tree while other filesystems, who also want lots of testers, have to wait outside the tree and undergo a lot of additional scrutiny before being included.

This is not to begrudge ext4 its place 
of privilege. The ext4 developers are 
insiders because they've earned it, and 
they have a deep understanding of how 
kernel development should be done. 
Linus tends to trust their judgment, not 
because they are insiders, but because 
they have earned that trust. But, the fact 
remains that ext4 is in the main kernel 
tree, and it is not yet ready for regular 
use. Folks interested in it certainly should 
test it out if they want to, but with 
caution (and backups). 


Michal Simek may become the official maintainer of the Microblaze kernel port, included in the main kernel source along with the other architectures. He coded up the Microblaze support himself, but he was not very familiar with what would be involved in being a maintainer and what sort of support he could expect from the kernel.org people (such as git repository hosting and so forth). A lot of folks had a lot of advice, and the whole discussion served to summarize current best practices regarding patch submissions and review, and the best way to host a full kernel tree (it turns out that hosting on kernel.org itself has the advantage of sharing git objects with Linus’ tree, and this would make for a much smaller repository on disk). It seems likely that Michal will become the official maintainer. There certainly has been enough enthusiasm for him to do so.

A bunch of people have been translating kernel documentation into Chinese, under guidance from Greg Kroah-Hartman, who seems to be leading the effort. Recently, several translations were integrated into the kernel, including some by Li Yang, Zhang Le and Bryan Wu, among others. This push toward greater accessibility has been ongoing for years, but it appears to be picking up speed at the moment. These translations are dramatically increasing the available kernel developers who can participate in Linux development, and they pave the way for a deeper integration with the means of development.

—ZACK BROWN 


[Comic: USER FRIENDLY by J.D. “Illiad” Frazer]


LJ Index, 
May 2008 


1. Billions of transistors exceeded by Intel’s 
new Tukwila chip: 2 


2. Years ago that Intel released a chip with 
more than 1 million transistors: 2 


3. Years ago that Intel released a chip around 
a half-million transistors: 4 


4. Years since Gordon Moore thought up his 
eponymous law: 33 


5. Width in nanometers (nm) of Tukwila’s 
circuitry: 65 


6. Maximum read/transfer speed in MB/sec of 
Intel and Micron’s new NAND memory 
technology: 200 


7. Maximum write/transfer speed in MB/sec of 
Intel and Micron’s new NAND memory 
technology: 100 


8. Transfer ceiling of the USB 3.0 spec, in 
GB/sec: 4.8 


9. Position of Russia among all countries 
searching for “linux” on Google: 1 


10. Position of India among all countries 
searching for “linux” on Google: 2 


11. Number of Asian countries in the top ten 
searching for “linux” on Google: 3 


12. Number of European countries in the top 
ten searching for “linux” on Google: 7 


13. Number of North American countries in the 
top ten searching for “linux” on Google: 0 


14. Position of Russian among all languages 
searching for “linux” on Google: 1 


15. Position of English among all languages 
searching for “linux” on Google: 9 


16. Position of Ubuntu among all searches for 
Linux distros at trends.google.com: 1 


17. Position of “Make Ubuntu laptops cheaper 
than Windows laptops (in all countries)” 
among popular ideas at Dell’s IdeaStorm 
site: 1 


18. Number of entries in Dell IdeaStorm's most 
popular ideas: 20 


19. Number of popular IdeaStorm requests 
having to do with Linux, a distro or open 
source: 12 


20. Number of device models counted running 
Linux in Intel's Mobility booth at CES 2008: 5 


1-5: ZDNet 

6-8: Intel 

9-15: www.google.com/trends 

16-19: ideastorm.com 

20: /photos/linuxjournal at Flickr (models 
were Clarion, Aigo, Lenovo, Samsung and 
Digifriends) 
Apache's Share Goes Back above 50%

For more than a decade—from October 1995 to November 2005—Apache’s growth in Web server market share went mostly up. In November 2005, the free and open Web server peaked at 70.98% among Top Developers on the Netcraft.com survey for that month.

Since then, the share mostly has gone down. In October 2007, Apache's share declined by 2.8% from the previous month, dropping to 47.73%, while Microsoft IIS gained 2.08% to hold at 37.13%. That was Apache's lowest share advantage since IIS appeared in 1996.

But since then, the trend has reversed again. The latest (February 2008) survey from Netcraft, with January 2008 numbers, had Apache at 50.61% on a 1.04% share increase.

Apache isn't only competing with IIS, of course. Google appeared on Netcraft's survey in 2007 and had a 5.33% share in January 2008.

And, the market isn't a pie. Its size overall constantly grows. The total number of servers, Apaches included, has been sloping upward nearly every month since 1995. One exception is the current (January 2008) report, where Netcraft notes “much slower growth”.

One new open-source server to watch is nginx, or engine x. It’s an open-source server developed in Russia. In the Google Online Security Blog in June 2007, nginx had a 4% share (to Apache's 66% and IIS’s 23%). The nginx site currently says about 20% of Russian virtual hosts run on its server. On Netcraft, it cruised past 0.5% in January 2008.

—DOC SEARLS


LinuxJournal.com

We've had a pretty good couple of months over at LinuxJournal.com. James Gray has interviewed interesting folks from organizations such as Lesswatts.org, OSGeo and Mandriva. We appreciate these representatives taking the time to talk with us and share their insights.

Our videos have been quite fun lately, thanks to Shawn Powers. In addition to his usual “gadget” reviews, he has broadened his focus to include reviews such as the open-source game, Battle for Wesnoth. He gave us a quick look at the game and tossed in some bonus footage of himself getting clobbered on screen, so it’s definitely worth checking out. If you missed his review of the X-Arcade, that is also worth a look. It will take you back to all those hours spent in arcades in the 1980s. You were there, weren't you? I was! All of our videos can be found at www.linuxjournal.com/video.

As United States politics heat up, we invite you to take a break from the mainstream and join us in supporting an alternative approach this year over at tuxparty.com. There, our favorite mascot will throw out some issues that may not be addressed in conventional politics. We support Tux for president, and hope you will too.

—KATHERINE DRUCKMAN
He Said It

Instead of the usual They Said It, this month we decided to compile quotations from Linus Torvalds alone, because they show a kind of historic turn as we head into an increasingly mobile Linux-based world.


» To the Linux-Kernel Mailing List (LKML), May 25, 2007:

It’s Friday evening, and the US is preparing for a long three-day weekend, often considered the official start of summer here.

So what's a pasty white nerd to do? You can’t go out on the beach, because the good-looking people will laugh at you and kick sand in your face.

I'm not bitter.

But now you can do something: you can download the latest -rc kernel, and smile smugly to yourself, knowing that you are running the latest and greatest on your machine. And suddenly it doesn’t even matter that summer is coming, because you can just sit in the basement, and close the blinds, and bask in the warm light from your LCD, rather than the harsh glare of the daystar.

The geeks with embedded hardware can consider themselves doubly special (and not just because your mothers told you you are), because we've got updates to ARM, SH and Blackfin.

What more could you possibly want?

Source: lkml.org/lkml/2007/5/25/439.


» To various IDG publications in Australia in January 2008:

Technology doesn’t worry me. Stupid external issues, especially patents and stuff like that—those are the ones that worry technical people. Probably because they feel they can’t (including me) do a lot about them. When you don't feel you're in control, you start worrying.

Source: www.zdnet.com.au/news/software/soa/Torvalds-worries-about-patents-and-slow-storage/0,130061733,339285687,00.htm.

The embedded people actually solved a lot of the power problems, but they tended to solve it for their particular platform....You had ten solutions for ten different uses, then none were interchangeable because they were very specialized....Now...we have a good over-arching model that works hopefully for everybody....We're just now at the stage where we can solve them for everybody.

Source: www.zdnet.com.au/news/software/soa/Linux-is-ready-to-go-green-Linus-Torvalds/0,130061733,339285555,00.htm.

I don’t even have a mobile phone! I hate phones in general, because I’m the kind of person that when I work I want to concentrate on my work, and if somebody calls me that completely destroys my concentration. I hate phones because they just disturb you, and mobile phones are even worse because you have them with you all the time, so I don’t do mobile phones at all. I have one of the early Linux mobile phones in my workroom because I got it for free, but it’s not turned on.

Source: www.computerworld.com.au/index.php/id;444282619.


» To the Sydney Morning Herald at the same event:

An OS should never have been something that people (in general) really care about: it should be completely invisible and nobody should give a flying f*** about it except the technical people.

It's stupid—when you make a big deal about something like Vista or Leopard, a lot of it is about things I don’t consider to be the operating system. It’s about the visual shell around it. The fact that Microsoft tied the two together so much actually caused them problems, not just the legal problems. If you manage a thousand clients, or a hundred thousand clients, which is not at all unheard of, you sure as hell don’t want to point and click at them. In many ways, Microsoft has had to fix the design mistakes they made when they thought the graphical approach should be a very intimate part of (Windows).

To Microsoft and Apple, the OS is important as a way to control the whole environment, from a marketing and money-making standpoint, to force people to upgrade their applications and hardware.

I don’t think they’re equally flawed. I think Leopard is a much better system. On the other hand, (I've found) OS X in some ways is actually worse than Windows to program for. That filesystem is complete and utter crap, which is scary. I think OS X is nicer than Windows in many ways, but neither can hold a candle to my own (Linux). It’s a race to second place!

Source: www.smh.com.au/news/technology/q-and-a-with-linus-torvalds/2008/02/05/1202090403120.html?page=2.

—DOC SEARLS

OpenID’s Open-Source SSO Gains Momentum

The decision by the Identity Gang (now formalized as Identity Commons) to get behind OpenID was an easy one: it was simple single sign-on, or SSO, and already in use at LiveJournal, the popular blogging system created by Brad Fitzpatrick, famous as well for memcached and other fine hacks. Brad also made OpenID open source, making it easy for developers to work with and contribute to it.

One remarkable fact about that Gang meeting (the first Internet Identity Workshop, in 2005) was that leading figures working on other identity systems—people from Microsoft, Sxip, Cordance (i-names) and Higgins—all jumped in to find ways of working with OpenID.

Since then, there have been many workshops, many meetings, much hacking and an acceleration of acceptance toward critical mass. You know that’s been achieved when Google, IBM, Microsoft, VeriSign and Yahoo join an organization's board all at once. That happened for the OpenID Foundation in February 2008.

When I asked David Recordon, Vice Chair of the foundation board and OpenID’s highest-profile advocate for his take on things, he said, “In 2007 OpenID saw incredible momentum as it grew from a grass-roots technology to a common tool in a developer's arsenal. Already in 2008, it has grown to include support by Google in Blogger and Yahoo by enabling hundreds of millions of their accounts as OpenIDs.”

To find out more, or to get your own OpenID, visit openid.net. See also Reuven M. Lerner’s column in this issue on page 18.

—DOC SEARLS 


Spreadsheeting for Kids and Geeks 


The XO is a laptop for children. A product of the noncommercial OLPC (One Laptop Per Child) Project, and run by veterans of MIT's Media Lab, its brain-parent is Nicholas Negroponte, who says, “It’s an education project, not a laptop project”, and its goal is “to provide children around the world with new opportunities to explore, experiment and express themselves”.

But, I’ve yet to see an XO in the hands of a child. Nearly all the OLPCs I've seen have belonged to geeks, or have been in use by them. As an example of the latter, see the shot taken at the latest Apachecon.

As it's turning out, XO isn’t just a fun toy for geeks and kids, but a target for development as well—for example, the Sweet SocialCalc Project. Writes Dan Bricklin:

I purchased an OLPC XO computer during the Give One Get One campaign, which arrived around New Year's. I love my XO and see its great potential. When I tried my new code on it, the code actually ran quite well.

...when we are done I hope we will have native OLPC code driving this (written in Python), so the JavaScript integrates with the OLPC user interface environment (which is called Sugar, hence the word sweet)...

Feedback is welcome, as are volunteers to help us make this project a reality.

In the future, we will also be integrating this code into more traditional platforms for more traditional wiki-like collaboration.

Before that, though, I need to complete the implementation of these libraries, adding more commands, functions, etc.

Dan, by the way, is the other half of the pair that created VisiCalc, the first electronic spreadsheet. The other half was Bob Frankston, subject of a feature article this month (see page 42).

For more, visit the Software Garden OLPC page: www.peapodcast.com/sgi/olpc.


—DOC SEARLS 
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UPFRONT 


What They’re Using 
Michael Anti and His Eee PC 


Michael Anti is an engineer and journalist 
whose work has appeared in the New 
York Times, Huaxia Times, 21st Century 
World Herald, Washington Post, Southern 
Metropolis Daily and Far and Wide 
Journal. He has been a researcher, a 
columnist, a reporter, a war correspondent 
in Baghdad (in 2003) and more—and 
achieved notoriety in 2005 when 
Microsoft deleted his blog. Today, he is 
best known for his landmark work on 
press freedom in China—efforts that have 
earned him a Wolfson press fellowship at 
Cambridge University and Nieman 
Fellowship at Harvard University. 

It was at a Harvard meeting where I
noticed that Michael was using an ASUS
Eee PC, with exceptional ease and enthusiasm.
Turns out, it’s one he bought from
Amazon. It came new with Knoppix, but
then he “cracked” it to do more than
ASUS expects of ordinary users (for example,
expanding windows to a full screen).
I was impressed by how rapidly he typed
on the keyboard. Later I found that he
was actually typing in Chinese. I hadn't
realized, until he explained it, that it’s
actually possible to type Chinese at the
speed of speech on a qwerty keyboard.
“I type in Chinese about five times faster
than I write”, he says. The word Harvard,
for example, is four keystrokes rather 
than seven. So, if you know Chinese, 
you can use it as a kind of shorthand 
impressive. (As you see from the photo, 
he was using Smart Pinyin.) 

In sum, Michael said he has found 
the Eee PC ideal for three things: 1) 
hacking, 2) doing journalistic work and 
3) watching TV. (In fact, he believes it is 
“the future of the TV”.) 

Ethan Zuckerman, who was at the
same meeting, added, “I’ve seen these
all over the place. I ran into (some)
Asian businessmen in Amsterdam last
week. And they were all carrying them.
It’s caught on really, really fast.”

Photo: Mike Anti and His Eee PC

His one caution is adaptation. It 
took him a week to get used to the 
smaller-size keyboard. Plus, he adds, 
“You should have some five minutes to 
get used to it” when you're coming 
from a normal-size keyboard. Seems like 
time he’s willing to invest. 


—DOC SEARLS

Photo: Typing in Chinese Using Smart Pinyin


16 | may 2008 www.linuxjournal.com 




COLUMNS 


AT THE FORGE


REUVEN M. LERNER


OpenID


An introduction to OpenID, an open-source, distributed, single
sign-on solution for Internet applications.


Thank goodness for Firefox. Yes, it’s a great 
browser. Yes, it has all sorts of wonderful plugins 
that let me do everything from debugging my 
Web applications to checking the weather forecast. 
And, the fact that it works across multiple platforms 
makes it even better. 

But, as Web-based applications become an
increasingly integral part of my life, I've grown
dependent on Firefox’s ability to remember my passwords.
It might be silly, or even a bit pathetic, but
there is no way I can remember all the different
passwords I’ve created over the years. This is especially
true for sites where I’ve changed my password
on occasion, either because my current password
expired or because I decided to change it.

This also means that when I use a different
browser, or even a different computer, I’m often
at a total loss. Sure, I remember some of my passwords,
but there is no easy way for me to keep
track of all of them without writing them down
somewhere. So, I do the digital equivalent—storing
them in my browser—and make sure I have my
laptop with me wherever I go.

Juggling multiple passwords isn't new, of course. 
Even before the growth of Web applications, people 
were logging in to different computers, networks, 
e-mail accounts, database systems and so on. A 
number of companies made quite a bit of money
from “single sign-on”, offering back-end solutions
that allowed people to log in to a single computer, 
providing them with access to many different ones. 

But, although the problem might not be new, its 
scale is unprecedented. We no longer are worried 
about several hundreds or thousands of individuals 
keeping track of a dozen passwords, with access to 
an IT support department. Rather, we now have to 
worry about many millions of people, each of 
whom has dozens of passwords and little or no 
technical support for any of them. 

Moreover, each Web site has its own particu- 
lar needs, not to mention its own unique user 
interface. And, to top it off, the world is quite 
different from a corporation; you can’t impose a 
standard solution from above. Rather, there must 
be a way to introduce competition into the 
equation, such that individuals can choose their 
own single sign-on provider. 

Over the years, a number of companies have 
tried to enter this space for Internet applications. 
Perhaps the most famous (or infamous) was
Microsoft's .NET Passport (now known as Windows 
Live ID), which was launched with great fanfare— 
and quickly attracted a great deal of negative atten- 
tion related to privacy concerns. Even if Microsoft's 
product was technically excellent (and I’m not 
knowledgeable enough to judge it), people did 
not want to be told with whom they must entrust 
private and sensitive data. 

An increasingly popular solution to this problem 
is OpenID. OpenID is not necessarily a new technol- 
ogy; it has existed in some form or another for sev- 
eral years already. However, it rapidly is picking up 
steam—so much that right before I wrote these
words in February 2008, we saw Microsoft, Google, 
IBM, VeriSign and Yahoo embrace OpenID. 

Now, it’s true that the number of sites support- 
ing OpenID is currently small—numbering about 
8,000 at the time of this writing. However, the 
number is growing rapidly, and I expect the pace
will pick up as the aforementioned Internet giants 
begin to get involved. 

What if you're smaller than Google or Microsoft? 
Is OpenID worth adding to your site? Is it relatively 
easy? The answer to both questions, I’m happy to
say, is yes.

This month, I discuss the user side of OpenID—
how you register for an OpenID and how you manage
it. I also explain how the OpenID specification
takes into account the fact that you might eventually 
need to change providers. 


The Basics of OpenID 
The term OpenID refers both to a person’s unique 
identifier and to the standard describing all the 
technology around that identifier. To create an 
OpenID, you must register with an OpenID 
provider. Once you have registered your OpenID, 
it is the provider that authenticates you for every 
OpenID-enabled application you use. In other
words, the OpenID provider is responsible for 
checking your identity, which normally means 
confirming that the user name and password you 
enter are acceptable. 

Thus, logging in to a site with OpenID means
the following happens:

■ You tell the Web application you want to log in
  with the OpenID protocol.

■ You enter your OpenID (more detail on this shortly)
  into the application's login screen.

■ The application sends you to the login screen for
  your OpenID provider.

■ If the provider accepts your credentials (normally,
  your user name and password), it asks you to
  confirm that your identity may be exported to
  the Web application, and if it may do so in the
  future as well. Obviously, if you indicate you
  are willing to share your identity with this Web
  application in the future, you will skip this step
  in the future.

■ Once allowed to export your identity to the Web
  application, you are returned to the original
  application you wanted to use, logged in and
  ready to use it.


Notice there are a few important differences
here between OpenID and a “standard” login system.
First, users authenticate against a different site
from the one they are trying to use. This is similar to
making a purchase via Google Checkout or PayPal,
both of which require that users authenticate themselves
and authorize the purchase amount on their
own sites, rather than on the site belonging to the
on-line store.

Some critics of OpenID say that users may be
surprised or confused by the switch from one site to
another, but I think Google Checkout and PayPal
have demonstrated that a reasonable number of
people are not put off by switching back and forth.
Moreover, I have read that Firefox 3 will include
some integrated OpenID support, which might
remove some of the need to switch sites—or at
least make it appear more integrated. However, I’ve
been using the beta of Firefox 3 for several months
and have yet to experience such integration.

And, although I use the term Web application,
there is no requirement that OpenID be used only
for Web-based applications. I expect that as OpenID
takes hold, a large number of Internet-based applications,
obviously including those that run on the
Web, will use OpenID. However, there’s no reason
why non-Web applications and services couldn't use
OpenID as well. I even can imagine a day when you
might use OpenID to enter your house or confirm
your identity to your burglar-alarm company. In the
world of OpenID, end-user applications are known
as consumers, just as the OpenID authentication
systems are known as providers.

Most OpenID providers authenticate users with a 
user name and password. Over time, we can expect 
them to go in other directions as well—for example, 
using biometric authentication systems. And, although 
OpenID providers currently offer their services for 
free, it’s not hard to imagine a time in which some 
companies will charge for OpenID services, while 
others will support themselves via advertising. 
Because users can switch OpenID providers at any
time, and because users have a choice as to which 
one they will use, we can expect both competition 
and ingenuity to be the rule. 

One company, Vidoop, has a particularly interesting
authentication mechanism, in which users
select a pattern of images as their “password”.
Each time a user wants to authenticate, a set
of images—including those that the user has
selected—appears on a 3x3 grid, with each image
in a randomly selected location and a random letter
placed next to it. This effectively creates a one-time
password, which users enter by typing the letters
associated with the ordered set of images they
originally chose.

Finally, I should note that you can create and
use as many OpenIDs as you like, just as you would 
normally create as many user names as you like on 
a Web site. Some people do this to separate their 
work ID from their personal ID, or just because they 
prefer not to put all of their eggs in one authentica- 
tion basket. Regardless, OpenID allows you to do 
this—although it is ironic that a single sign-on solu- 
tion would spur people to create multiple identities. 


Creating and Using an OpenID 
With all the background information out of the
way, let's create and use an OpenID. An OpenID
is nothing more than a URL, typically written as
http://USERNAME.PROVIDER.com. For example, my
OpenID is http://reuvenmlerner.myopenid.com.
Notice that I can share this URL publicly; there is
no reason for me to keep it secret. MyOpenID.com
is just one of several OpenID providers. Indeed,
many people already have an OpenID, even if they
don’t realize it. For example, if you have a blog at
LiveJournal, that URL can be used as your OpenID.

To sign up for an OpenID, simply go to the
home page of your provider. For example, go to
the MyOpenID.com home page and click on
“sign up for an OpenID”. That takes you to
https://www.myopenid.com/signup, which
asks you to enter a user name (it must be unique)
and a password. You also can provide an e-mail
address, which is optional, but doing so allows
you to recover your password if you ever forget it.
Finally, MyOpenID.com uses a captcha to ensure
that a person, rather than a program, is signing
up for the account.

Once you have signed up for an OpenID, you
can use it to log in to a Web site that supports it. 
Typically, logging in to a Web site requires that you 
enter both a user name and password. But, if you 
use OpenID, you enter in neither of these to the 
Web application’s login screen. Instead, you enter 
only the URL of your OpenID, including the http 
prefix that we so often ignore nowadays. 

For example, I can go to www.wikihow.com, a
site that lets anyone create a how-to manual. I click on
“create an account or log in” at the top of the page,
which brings me to a login screen. The resulting screen
tells me I can log in using OpenID, if I want, by going
to www.wikihow.com/Special:OpenIDLogin.
(In other words, wikiHow has two separate
login pages: one for regular users with a user
name/password combination and another for
OpenID users, who enter only their OpenID URL.)
Finally, I enter http://reuvenmlerner.myopenid.com
into the text field.

Because I had logged in to OpenID earlier, I wasn't
asked to provide my password. However, this is
the first time I’ve tried to log in to wikiHow with
OpenID. Thus, MyOpenID.com must verify that I am
willing to share information with wikiHow. I click on
the allow forever button, which means whenever I’m
logged in to MyOpenID.com, it should share information
with wikiHow. After clicking this button, I am
redirected back to www.wikihow.com, where I
am logged in and identified by my first name.


Switching Providers 
This system works quite well in my experience, and 
you quickly become used to the back and forth 
authentication process. However, major problems 
remain. What happens if MyOpenID.com goes out 
of business? What if its database is compromised? 
What if it turns out to be highly unethical and is 
using people’s IDs? What if I find a provider whose
Web site is more attractive to me?

I always can switch to a different provider, of
course. But, that effectively means having a new
and different user name on a site. On a social-networking
site, this obviously would be disastrous,
as I would need to reconnect from my new account
to each of the people in my old account.

The solution to this is quite clever. Instead of giving
people the OpenID I mentioned above, I instead
give them an OpenID on a Web site that I control,
whose URL is unlikely ever to change. For example,
I can give an OpenID of http://reuven.lerner.co.il.

I know that the lerner.co.il domain will remain
mine forever. Thus, I can be reasonably sure that
this URL also will be in my possession for a long
time. Moreover, I control the contents of the home
page. That page may contain any HTML content I
want. But, it also should contain the following two
<link> tags in the <head> section:


<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://reuvenmlerner.myopenid.com/" />


We already saw how I can log in to wikiHow
by giving my OpenID at MyOpenID.com. But,
with the above lines in place, I also can log in to
wikiHow by entering http://reuven.lerner.co.il.

This tells wikiHow to retrieve the home page from
my personal Web site. It uses the first <link> tag to
know which server to use and the second <link> tag
to know which user name and ID to authenticate.
Everything then continues as usual. I authenticate
myself as necessary against MyOpenID.com, which
then redirects me back to wikiHow.
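
The discovery step just described, as an added example (not code from this column, from wikiHow or from any OpenID library): a consumer parses the fetched home page, reads openid.server and openid.delegate from the <head> section only, and refuses a page that names conflicting providers. The class and function names, the constructed sample pages and the reject-on-conflict policy are assumptions of this example.

```python
"""Added example: HTML-based OpenID discovery with delegation."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class DiscoveryError(ValueError):
    """The page does not yield one unambiguous provider."""


class HeadLinkParser(HTMLParser):
    """Collect <link rel=... href=...> values, but only from inside <head>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_head = False
        self.head_seen = False
        self.links = {}  # rel token -> list of href values

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_seen:
            self.in_head = self.head_seen = True
        elif tag == "body":
            # <head> is over (or never existed); a later <head> is not trusted.
            self.in_head = False
            self.head_seen = True
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            href = (attr.get("href") or "").strip()
            for rel in (attr.get("rel") or "").lower().split():
                if href:
                    self.links.setdefault(rel, []).append(href)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def require_http_url(label, url):
    """Accept only absolute http(s) URLs for redirect targets and identities."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise DiscoveryError(f"{label} is not an absolute http(s) URL: {url!r}")
    return url


def discover(claimed_id, html):
    """Return the server to redirect to and the identity to ask it about."""
    parser = HeadLinkParser()
    parser.feed(html)
    parser.close()
    servers = set(parser.links.get("openid.server", []))
    delegates = set(parser.links.get("openid.delegate", []))
    if len(servers) != 1:
        raise DiscoveryError(f"expected one openid.server, found {len(servers)}")
    if len(delegates) > 1:
        raise DiscoveryError("conflicting openid.delegate tags")
    server = require_http_url("openid.server", servers.pop())
    # Without a delegate tag, the page's own URL is the identity at the provider.
    provider_id = require_http_url(
        "identity", delegates.pop() if delegates else claimed_id)
    # The consumer keys the account on claimed_id, so the delegate can change
    # later without the user becoming someone else.
    return {"claimed_id": claimed_id, "server": server,
            "provider_id": provider_id}


# Constructed sample: the home page described in the column.
SAMPLE_PAGE = """<html><head><title>Home</title>
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://reuvenmlerner.myopenid.com/" />
</head><body><p>Welcome</p></body></html>"""

# Constructed sample: the same page with a stray tag in the body (for example
# inside user-submitted content). It must not influence discovery.
SAMPLE_PAGE_BODY_LINK = SAMPLE_PAGE.replace(
    "<p>Welcome</p>",
    '<p>Welcome</p>'
    '<link rel="openid.server" href="http://other.example/server" />')

if __name__ == "__main__":
    for page in (SAMPLE_PAGE, SAMPLE_PAGE_BODY_LINK):
        print(discover("http://reuven.lerner.co.il", page))
```

Because tags outside <head> are ignored, markup elsewhere on the page, such as a visitor's comment on a blog, cannot point the login at a different provider.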

The beauty of this redirection system is that if
I decide against using MyOpenID for any reason
in the future, I simply change the <link> tags
in index.html. wikiHow and all other sites will
follow whatever reuven.lerner.co.il points to,
whether it’s MyOpenID.com, Vidoop.com or
something else. In this way, I ensure that my
OpenID always is associated with the provider
who offers me the best combination of security
and usability for my purposes.

Unfortunately, things don’t always go smoothly.
For example, when I registered with wikiHow, it
got my nickname (Reuven) from MyOpenID.com.
When I try to log in with my new, redirected
OpenID, wikiHow thinks it’s dealing with a new
user—one whose requested nickname clashes
with that of an existing user. So, the key is to set
up and use the redirecting URL early on, and not
switch to it after you already have used OpenID
for some time.

There are other problems as well. For example, I
currently juggle two different sets of identities on-line,
as some companies want to deal only with US
citizens living in the United States. And, although
I'm currently back home in Modi’in, Israel, I continue
to have a US phone number (through Skype), a
mailing address (at my parents’ house), and a US
bank account and credit card. So, I need two separate
identities: one with my Israeli information and
another with my US information.

Fortunately, OpenID 2.0 supports both the 
export of information to the consumer application 
and also the use of multiple personas. Each persona 
can have a separate name, nickname, image and 
location, and I can choose which persona is associated
with each consumer, under the umbrella of the
same OpenID. 


Conclusion 

OpenID is an increasingly important standard that 
seems poised to have a central role in future Web 
and Internet-connected applications. Using OpenID 
is not terribly complicated for end users, and it 
supposedly is going to be integrated into Firefox 
in the near future. 

Next month, we will look at OpenID from the 
perspective of a Web site that requires users to 
register. How can you, as a Web developer, support 
OpenID on your site? We will see that with a bit of 
work, and some support from open-source libraries, 
we can support OpenID in our Web applications.


Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD 
candidate in learning sciences at Northwestern University, studying on-line 
learning communities. He recently returned (with his wife and three children) to 
their home in Modi’in, Israel, after four years in the Chicago area. 


Resources 


The main site for OpenID information is 
openid.net. That site has documentation, 
mailing lists, links to software and lists of 
OpenID providers and consumers. 


A screencast that demonstrates many of the 
same ideas from this column is available at 
simonwillison.net/2006/openid-screencast. 


A discussion of the pros and cons of OpenID
is at radar.oreilly.com/archives/2007/02/pros_and_cons_o.html.


Finally, a list of sites using OpenID, as well as 
providers you can use, is at openiddirectory.com. 
MARCEL GAGNE


Jumbled Words 


If the medium is the message, what happens if your understanding 
of the message rates only a medium? 


What on earth are you doing, Francois? Our
guests will be here any moment. What are all
these yellow sticky notes doing everywhere? Quoi?
You're preparing for the telephony-themed issue?
Although I admire your desire to help, I confess that
this time, I really have no idea what you are doing.
The telephone game? Of course I know what the
telephone game is. You tell one person a phrase, he
or she whispers it to another, who tells yet another,
until you run out of players. The last player repeats
what he or she thinks the message is, and it invariably
turns out to be something totally different from
what was originally selected. I still don’t see what all
these notes are for.

Ah, I see. They are anagrams, mostly of your
first and last name, it would appear. You've got it all
mixed up, mon ami. Anagrams, or word scrambles,
have nothing to do with the telephone game other
than that the message gets scrambled in some way.
How many of these notes have you got scattered
around the restaurant anyway? Never mind. I don’t
want to know. Our guests are approaching as we
speak. We'll discuss this later.

Welcome, everyone, to Chez Marcel! Please take 
your seats and make yourselves comfortable. You 
may want to forgive the yellow notes all over the 
walls. My faithful waiter has gone anagram-crazy, 
and what you see is the result. Francois, if you 
would be so kind, please head down to the wine 
cellar. Over in the west wing, there are a few cases 
of 2002 Bolgheri Rosso Piastraia from Tuscany. 
Please, fetch some for our guests. 

While we await Francois’ return with the wine,
let me show you a great little program for generating
anagrams. Written by Richard Jones (now maintained
by Paul Martin), an is a command-line program
designed to generate anagrams. The program
is extremely easy to use, but let me offer a quick
word of caution. You'll want to use one or more of
an’s command-line options as it is extremely liberal
with the anagrams it returns, and you'll quickly
drown in results. My own name, Marcel Gagne,
generates 837,989 results if I type an "Marcel
Gagne". Notice that when using two words, I put
them in quotation marks. If you use the -w option,
an generates a list of unique words instead of myriad
phrases. Using my name as the example, I get 318
words. Compare that to a return of cam an ger g l e
followed by cam an erg g l e and so on.
Increasingly interesting results turn up if you
specify words of a particular length. For instance, 
if you have ten letters to work with, and you'd like 
to see words of six letters or more, use the -m 6 
option, which stands for minimum word length of 
six. If you know that the word mossy can be gener- 
ated by the words you are using and you want to 
see all the combinations of “lost mysteries” that 
include mossy and contain a minimum of four let- 
ters per word, you might try typing the following: 


an -m 4 -c mossy "lost mysteries" 


A similar program is Evans A Criswell’s Wordplay.
Wordplay is also a command-line program for generating
anagrams. Unlike an, Wordplay generates
fewer words by default, but it also is more likely to
generate meaningful results. There are command-line
options to limit the number of words or characters
each word can have and so on. Simply type
wordplay at the command line for a list of options.

You can waste an amazing amount of time 
using these simple command-line anagram-genera- 
tors and discover some fascinating things. For 
instance, did you know that “red pestilence iota nil” 
is an anagram for “presidential election”? That's 
just silly, of course. After all, “lulu jar nixon” is an 
anagram for “Linux Journal”. Then again, so is 
“lunar join lux”. Francois! Thank goodness you have 
returned. Please, pour a rather large glass for each 
of our guests. 

So, what's the point of all this? Well, anagrams 
can be a great mental exercise, one that is a lot 
of fun. To that end, there are a number of great 
games based on anagrams and word scrambles. 
One of these is Joshua Keel’s Kanagram (Figure 1). 
Kanagram is not only a great game, it's also a great 
place to start our exploration of word scramble 
games. You shouldn't have any trouble getting your 
hands on this one, as it is very likely in your distribu- 
tion's software repository. Kanagram presents you 
with a scrambled word and asks you to decipher 
the word. There’s no ticking clock on this one, and 
you don't get dinged for getting the word wrong. 
To make the choice of words interesting, the game 
comes with a number of vocabularies. These are 
word categories, such as Computers, Inventions, 
Sports, Professions and so on. There also are generic 
vocabularies based on whether the words are easy,
medium or hard.

Figure 1. Kanagram turns anagram generation into a stylish game.

On the left-hand side of Kanagram’s window,
there's a large blackboard with the scrambled letters
in the center. On the top right of the blackboard,
the category is highlighted. You always can switch
to another category with a click of the mouse. If
you know the word, type it in the white input box
below the blackboard. At any time, you can ask for
a little help by clicking the word hint on the bottom
left of the blackboard (Figure 2).

Figure 2. If you're not ready to give up, but you need a hint,
Kanagram understands.


That brings us to Kanagram’s right-hand side 
menu, cleverly designed to resemble a filing cabinet. 
If you do succumb to the pressure and need a hint, 
it appears in a pop-up near the bottom of the cabi- 
net. Scroll your mouse pointer over the cabinet’s 
drawers, and a tooltip describes what you'll find 
inside. You can jump to the next anagram, config- 
ure some of the program's functions, read the 
handbook or exit. 

As I mentioned in the introduction to the game,
Kanagram comes with a handful of vocabularies, 
but there are more available for download in a 
number of different languages. Simply click the 
second file drawer to open Kanagram’s configuration 
dialog. You can look at existing vocabularies and 
create your own by clicking Vocabularies in the 
sidebar. To download new vocabularies, click 
New Stuff instead (Figure 3). 


Figure 3. List, create or download new vocabularies.


When you click the Download New Vocabularies 
button, a new window appears showing what's 
available. You then can select and download 
vocabularies that appeal to you. 

If you could turn anagrams into an arcade game,
it might look something like Tom Bradley's Scramble
(Figure 4). There's a ticking clock, fun sound effects
and multiple levels that can be reached only by
making it past a certain percentage of the words
successfully. On the surface, it doesn’t seem all that
complicated. After all, each scramble consists of a
measly six letters (“six letters” = “telex stirs”). When
the letters appear on the placards at the bottom of
the screen, click on the letters to form a word, then
click Submit (or if you prefer, type the word and
press Enter). If the word exists, it will load up one of
the empty word boxes, after which you can move
on to the next word.

Figure 4. Scramble jumbles a mere six letters. Think you
can master it?

Strangely enough, getting from one level to the 
next isn't always as easy as it looks. Sometimes, if 
you get really stuck, re-scrambling the letters can 
help—for that reason, you'll find clicking Shuffle 
every once in a while a handy thing. Did you, in a 
flash of brilliance, figure out the six-letter word? If 
you can guess the six-letter word right off the bat, 
you automatically move to the next level. Eventually, 
when you have exhausted all possibilities and the 
timer runs out, Scramble may deliver a classic 
arcade pat on the back. Yes, Scramble keeps track 
of high scores, and lets you enter your name in the 
high-scorers’ list. 

For the truly anagram-crazy, there’s Colm
Gallagher's Anagramarama (Figure 5). It doesn’t
quite maintain the arcade-like feel of Scramble, but
it also doesn’t limit itself to six letters. In that
respect, it can be much more of a challenge, particularly
if you live for the thrill of building words from
random collections of letters.

Figure 5. Anagramarama—more letters mean more words
and more challenge.

When you click a letter from the top list of available
letters, it drops into the Guess box below. After
you've assembled your word, or something you think
might qualify as a word, simply click the green check
mark. Keyboard racers may prefer to type the letters,
entering an anagrammatic stream of consciousness.

“I'm upset” is an anagram for “Time's up”, and
sadly, closing time approaches. Don’t be too upset
though. I'm sure we can convince Francois to refill
our glasses a final time. And, while we sip our wine
(“mute sip” also is an anagram for “time’s up”), we
may uncover some interesting anagrams by putting
in the names of friends, family members and, of
course, coworkers.

Raise your glasses, mes amis, and let us all drink to
one another's health. A votre santé! Bon appétit!


Marcel Gagné is an award-winning writer living in Waterloo, Ontario. He is the
author of the Moving to Linux series of books from Addison-Wesley. He also makes
regular television appearances as Call for Help’s Linux guy and every month on
radio's Computer America show. Marcel is also a pilot, a past Top-40 disc jockey,
writes science fiction and fantasy, and folds a mean Origami T-Rex. He can be
reached via e-mail at mggagne@salmar.com. You can discover lots of other things
(including great Wine links) from his Web site at www.marcelgagne.com.


Resources

Source for an: ftp.debian.org/pool/main/a/an

Anagramarama: www.coralquest.com/anagramarama

Marcel's Web Site: www.marcelgagne.com

Scramble: www.shiftygames.com/web2/index.php?module=game&name=Scramble

Wordplay: hsvmovies.com/static_subpages/personal/wordplay

The WFTL-LUG, Marcel’s Online Linux User Group:
www.marcelgagne.com/wftllugform.html

DAVE TAYLOR


Handling Errors and Making Scripts Bulletproof


Shell scripts may be quick, easy and lightweight, but proper scripting 
includes the ability to anticipate and respond to error situations 
gracefully and without anything breaking. Dave explores some of 
the basic shell script error-handling options. 


I realize I’ve been playing a bit fast and loose with
my shell scripts over the last few months, because
I haven't talked about how to ensure that error
conditions don't break things. If you read the Letters
section in Linux Journal, you know I haven't covered
this topic because, well, you have covered it for me!
This topic ranges from the simple to the sophisticated,
so let's start with a basic test: the return
status after an application or utility is invoked.


The Magical $? Sequence
Different shells have different return status indicators
(the C shell, for example, uses $status), but the
most basic is Bash/the Bourne shell, which is what
we've focused on since I started writing Work the
Shell, and it uses $?.

Here's a quick example: 


#!/bin/sh

# fails: / already exists
mkdir /
echo "return status is $?"

# succeeds
mkdir /tmp/foobar
echo "return status is $?"

# succeeds
rmdir /tmp/foobar
echo "return status is $?"

# fails
rmdir /tmp
echo "return status is $?"

exit 0


Run this, and you can see the difference
between commands that succeed and those
that fail:


mkdir: /: Is a directory
return status is 1
return status is 0
return status is 0
rmdir: /tmp: Not a directory
return status is 1


You can see that when invoking mkdir or rmdir 
with an error condition, they output an error and— 
the important part—the $? return status is nonzero. 

In fact, check out the man page for a typical command like mkdir, and
you'll see: “DIAGNOSTICS: The mkdir utility exits 0 on success, and >0
if an error occurs.”

In a perfect world, the >0 return code would actually tell you what
happened, but although that's true with the functions accessible via
software, it's not true for the shell.

On the other hand, it’s still helpful to explore 
how to make a shell function that does error 
handling too. Here’s a basic example function: 


makedirectory()
{
  mkdir "$1"
  status=$?

  if [ $status -ne 0 ] ; then   # report failures only
    echo "return status is $status"
  fi
}


This just makes a simple function that calls mkdir, and it should be
no surprise that it works as follows if I invoke it three times—twice
in error situations and once without an error:


mkdir: /: Is a directory
return status is 1
mkdir: /tmp/foobar: File exists
return status is 1


It's a drag to have mkdir generate an error message when you can
produce your own simply by testing the $? status variable.

Here's how you can do just that:


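makedirectory()
{
  mkdir "$1" > /dev/null 2>&1
  status=$?

  if [ $status -ne 0 ] ; then
    echo "makedirectory failed trying to make $1 (error $status)"
  fi
}


This is a bit tricky to understand, because you have to suppress the
error message from mkdir so you can generate your own. That's done by
redirecting standard output to /dev/null (the > /dev/null sequence)
and then redirecting standard error to wherever standard out now
points (the 2>&1 sequence). The order matters: the shell applies
redirections from left to right, so putting 2>&1 first would attach
standard error to the terminal and leave the mkdir message visible.

Tip: there's a shorthand you could use here too, if you wanted to be
a bit more cryptic: &>/dev/null. It is a Bash extension, so don't rely
on it in a script that a strict /bin/sh will run.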

Now when running this, however, the output is far more sophisticated:


makedirectory failed trying to make / (error 1)
makedirectory failed trying to make /tmp/foobar (error 1)


That's a nice way to deal with errors, and of 
course, the function can also return the error code, 
with return $status as the last line. 


Using test to Avoid Error Conditions 
The best way to handle errors is to capture error conditions
beforehand. This is best done with the wonderful and powerful test
command. For example, the two typical error conditions that you'd
encounter with the makedirectory() function are the directory already
existing or the script not having permission to create the directory.

The first is pretty easy to test:


if [ -d "$1" ] ; then
  echo "Error: directory $1 already exists."
  exit 1   # nonzero, so whatever called the script sees the failure
fi


The second is a bit trickier because you need to grab the parent
directory portion of the requested directory then test it to see
whether you have write and execute permission to create the
subdirectory. This can be done with the dirname command (which
returns . if there's no explicit directory given), followed by a test
for -w for writeable and -x for executable.

It all combines like this:


parentdir="$(dirname "$1")"

if [ ! -x "$parentdir" -o ! -w "$parentdir" ]
then
  echo "Uh oh, can't create requested directory $1"
  exit 1   # nonzero again: this is an error exit
fi


This is a sophisticated use of the test command, but read “!” as
“not” and “-o” as “or”, and you can see the test is “if not executable
$parentdir or not writeable $parentdir then...”, and that should
make sense!
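The pre-checks and the $? test from this column combined into one function, as an added example rather than code from the article; the return codes 2, 3 and 4 and the demo directory names are this example's own choices. The status test after mkdir stays, because the directory tree can change between the checks and the call.

```shell
#!/bin/sh
# Added example, not from the article. Return codes 2-4 are this
# example's own convention; otherwise mkdir's status is passed through.

makedirectory()
{
  target=$1

  if [ -z "$target" ] ; then
    echo "usage: makedirectory DIRECTORY" >&2
    return 2
  fi

  # Pre-check 1: something already has that name.
  if [ -e "$target" ] ; then
    echo "Error: $target already exists." >&2
    return 3
  fi

  # Pre-check 2: the parent must exist and be writeable and searchable.
  parentdir=$(dirname -- "$target")
  if [ ! -d "$parentdir" ] || [ ! -w "$parentdir" ] || [ ! -x "$parentdir" ]
  then
    echo "Uh oh, can't create requested directory $target" >&2
    return 4
  fi

  # The checks can be stale by the time mkdir runs (another process may
  # create the name first), so the return status is still tested.
  mkdir -- "$target" > /dev/null 2>&1
  status=$?
  if [ "$status" -ne 0 ] ; then
    echo "makedirectory failed trying to make $target (error $status)" >&2
    return "$status"
  fi
  return 0
}

# Constructed demo in a throwaway directory.
demo_makedirectory()
{
  work=$(mktemp -d) || return 1
  makedirectory "$work/foobar"      ; echo "new directory:     $?"
  makedirectory "$work/foobar"      ; echo "already exists:    $?"
  makedirectory "$work/nope/foobar" ; echo "parent is missing: $?"
  rm -rf "$work"
}

demo_makedirectory
```

Messages go to standard error here so that a caller capturing the function's output never mistakes a diagnostic for data.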


Avoiding Output Problems with noclobber

Finally, another thing to be aware of with the shell 
is that it's all too easy to zap important files with a 
redirect. For example, this shouldn't work: 


$ who > who.output 
$ ls > who.output


The second command should generate an error because the output file
already exists, right? But it doesn't, and it simply trashes the who
output without a warning or error—not good.

To avoid that problem, you'll want to set -o noclobber in scripts or,
better, for your login shell, and let it be inherited by subshells,
including those that run your shell scripts. A good place to put it
could be in your .profile or .bashrc.

With noclobber set, the two commands behave 
differently: 


$ ls > who.output 
-bash: who.output: cannot overwrite existing file 


That's useful for everyone, and doubly so for us
shell script hackers, right?
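How noclobber can be scoped inside a script, as an added example that is not part of the original column: one function refuses to overwrite an existing file, the other overwrites on purpose with the >| operator. The function names and return codes are this example's own.

```shell
#!/bin/sh
# Added example, not from the article. Function names and return codes
# are this example's own.

# save_output FILE COMMAND [ARGS...]
# Store COMMAND's standard output in FILE, but never over an existing FILE.
save_output()
{
  outfile=$1
  shift

  # Claim the name with noclobber on. "set -C" is the POSIX spelling of
  # "set -o noclobber"; the subshell keeps the option from leaking into
  # the rest of the script.
  if ! ( set -C ; : > "$outfile" ) 2> /dev/null ; then
    if [ -e "$outfile" ] ; then
      echo "save_output: $outfile exists, not overwritten" >&2
      return 3
    fi
    echo "save_output: cannot create $outfile" >&2
    return 4
  fi

  "$@" > "$outfile"
  status=$?
  # A failed command should not leave an empty file that blocks the next run.
  [ "$status" -eq 0 ] || rm -f -- "$outfile"
  return "$status"
}

# replace_output FILE COMMAND [ARGS...]
# Deliberate overwrite: ">|" bypasses noclobber for this one redirect.
replace_output()
{
  outfile=$1
  shift
  ( set -C ; "$@" >| "$outfile" )
}

# Constructed demo in a throwaway directory.
demo_noclobber()
{
  work=$(mktemp -d) || return 1
  save_output "$work/who.output" echo "who data"   ; echo "first write:  $?"
  save_output "$work/who.output" echo "ls data"    ; echo "second write: $?"
  echo "file still holds: $(cat "$work/who.output")"
  replace_output "$work/who.output" echo "ls data" ; echo "forced write: $?"
  rm -rf "$work"
}

demo_noclobber
```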


Dave Taylor is a 26-year veteran of UNIX, creator of The Elm Mail System, and 
most recently author of both the best-selling Wicked Cool Shell Scripts and 
Teach Yourself Unix in 24 Hours, among his 16 technical books. His main Web 
site is at www.intuitive.com, and he also offers up tech support at 
AskDaveTaylor.com. Follow him on Twitter if you'd like: twitter.com/DaveTaylor. 
MICK BAUER


Customizing Linux Live CDs, Part I


Make your desktop completely portable with a custom live CD. 


In my recent column “Security Features in Ubuntu” (LJ, March 2008), I
mentioned that the live CD method of running Linux from a CD-ROM or
DVD rather than directly from a hard drive has important and useful
security ramifications. I went on to promise that this would be the
topic of a future column.

Never one to renege on a promise, this month I bring you the first of
a multipart series about Linux live CDs. In this month's column, I
describe some security usages for bootable Linux CDs and demonstrate a
quick-and-easy way to customize the standard Ubuntu Desktop CD that
allows you to change its included bundle of software.


Uses of Bootable Linux CDs 

At this point, you may be wondering, “What's the 
big deal about bootable Linux CDs? Aren't all Linux 
installation CDs bootable?” 

On the one hand, yes. Linux installation CDs always have been
bootable. But, not all Linux installation CDs offer you the option of
simply running Linux from the CD without installing it right away.
This is the difference between a live Linux CD and an installer CD.

Live CDs are especially handy for trying out a 
distribution before committing it to your hard disk. 
Usually, they include an installer applet that makes it 
easy to make that commitment, if you so choose. 
But, these are very general live CD uses. 

For the security-conscious user, or for the conscientious-security
user (but not for the unconscious user), live CDs also are useful,
among other things, for the following:


- Using untrusted hardware, such as public-use PCs at coffee shops.

- Analyzing computers that may have been compromised.

- Recovering data from systems that no longer boot for some reason.

- Running software you'd prefer not to install on your hard disk.


Depending on your needs, you might be perfectly
happy using an existing Linux live CD distribution, 
such as Knoppix, BackTrack or Ubuntu Desktop. But, 
what if you want to apply the very latest security 
patches to the live CD's installed applications? 
What if your favorite live CD lacks an application 
you really need? Or, what if you don't want to 
have to configure things manually, such as network 
settings, after every single time you boot? 

These are some of the many reasons you might want to customize your
Linux live CD. For the remainder of this month's column, I walk
through the process of patching and adding security software to
Ubuntu Desktop 7.10. Much of what follows applies directly to other
squashfs-based distributions, such as Linux Mint, SLAX and BackTrack,
and indirectly to most other live CD distributions.


Prerequisites 
Before you can customize your Ubuntu Desktop live 
CD, you need several things: 


1. An ISO file for the current version of Ubuntu 
Desktop (or Linux Mint). 


2. The squashfs-tools package installed on your 
system. 


3. The mkisofs package installed on your system. 


You can get the ISO file in one of two ways: 
download it from www.ubuntu.com, or create it 
from an actual Ubuntu CD via the dd command, 
like this: 


bash-$ dd if=/dev/cdrom of=./ubuntu-7.10-desktop-i386.iso 


For the remainder of this article, I assume your ISO image resides in
your home directory. I also assume you're running Ubuntu, but if you
aren't, for commands that begin with sudo, you instead should do
whatever else you usually do to become root temporarily (for example,
su or su -c).

The squashfs-tools package provides utilities for creating and
mounting squashfs filesystems. Most of an Ubuntu live CD is taken up
by one enormous squashfs image that is uncompressed and mounted as /
when you boot the CD. To remaster the CD, you need to mount a copy of
its squashfs image, change various files and directories in it, and
save the edited directory structure as a new squashfs image.

Finally, you'll use the mkisofs command to 
convert the various files and directories you've 
just edited into a single ISO image file. 

In describing how these three prerequisites relate to each other, I
also discuss the three stages of the live CD remastering process:
mounting the squashfs image, changing it in various ways and
incorporating it into a new ISO image.


The Procedure 

The procedure I'm about to step through is based on the one at
www.debuntu.org (see Resources). Much of what follows won't be very
security-focused; in subsequent columns, I'll go into greater depth in
applying this stuff to security applications. Right now, my immediate
goal is to tell you what you need to know to begin experimenting with
your own customized live CDs right away, and I'm sure you'll think of
cool things to do between now and my next column.

In demonstrating these commands, I'm going to try a new convention
that bends reality a little bit and will number each bash-prompt:
01-$, 02-$, and so on. This way, I'll be able to refer to each command
by line number. We'll see whether this helps, or whether I'm just
getting nostalgic for my BASIC programming days—send me an e-mail if
you have an opinion either way.

First, log on as a nonprivileged user, open a command window (none of
what we do here will require the X Window System), and navigate to
your home directory. Type this command to create mountpoints for the
old ISO image and its squashfs image, a top-level directory for
creating the new CD file hierarchy and a directory for rebuilding the
root filesystem that will become the new squashfs image:


01-$ mkdir -p ./isomount ./isonew/squashfs ./isonew/cd ./isonew/custom


Next, mount the original ISO image, and copy everything in it, except
the squashfs image itself, into the /isonew/cd directory:


02-$ sudo mount -o loop ./ubuntu-7.10-desktop-i386.iso ./isomount/

03-$ rsync --exclude=/casper/filesystem.squashfs -a ./isomount/ ./isonew/cd


Line 03 uses rsync rather than cp, so you don't need to repopulate the
isonew/cd directory every time you make a new ISO image. Whenever
rsync encounters identical files, it copies only the differences in
the new file to the old one, rather than copying the entire file (if
there are no differences, it leaves the “target” version alone).

Note: if you're working within some directory other than your home
directory, and if that directory is on a Windows partition rather than
a native Linux partition (such as ext2, ext3 or ReiserFS), you'll get
many errors when copying files around—some of which may cause this
procedure to fail. You don't need to do all of this within your home
directory, but you should do it on a Linux partition.

You've copied the skeleton of the original CD into isonew/cd, so now
you can get busy with the squashed root filesystem by enabling
squashfs support in your running kernel and mounting the squashfs
image:


04-$ sudo modprobe squashfs 


05-$ sudo mount -t squashfs -o loop ./isomount/casper/filesystem.squashfs ./isonew/squashfs/


Next, copy the original root filesystem into the 
rebuild directory: 


06-$ sudo rsync -a ./isonew/squashfs/ ./isonew/custom 


Before you enter the Matrix by chrooting into 
this root filesystem and customizing it, you should 
make sure networking and the apt system will work 
once you do, by copying some configuration files 
from your running system: 


07-$ sudo cp /etc/resolv.conf /etc/hosts ./isonew/custom/etc/
08-$ sudo cp /etc/apt/sources.list ./isonew/custom/etc/apt/


This assumes, of course, that your running system is communicating
with the network properly and that its sources.list file includes
entries for the universe, multiverse and partner repositories (or
anywhere else from whence you intend to obtain packages). If you have
anything else you'd like to include in your custom live CD, such as
other configuration files, documents, images and so on, now is a good
time to copy those over too. Just remember that space is precious.

Now you're ready to enter your new root filesystem. I've written
extensively about using chroot jails to contain server daemons, so
that if they're hijacked, the attacker gains access to only a small
subset of your filesystem. Well, right now, you're about to chroot
yourself, so that all changes you make—adding and removing packages,
downloading updates, editing configuration files and so on—are
applied to your custom ISO's root filesystem, not your underlying
system's root filesystem.

Here’s how to swallow the Blue Pill: 


09-$ sudo chroot ./isonew/custom 


From this point on, until you type the command exit (step 22, below),
you'll be in an environment in which / is no longer your underlying
filesystem's root, but actually /home/you/isonew/custom (where
/home/you is your local home directory, or wherever else you created
the isonew hierarchy).

Now that you're jacked in, you need to bring the proc and sysfs
filesystems on-line, so that your “real” system's kernel can interact
properly with the “fake” system represented by your
soon-to-be-customized root filesystem. Now, set your home directory to
/root (actually /home/you/isonew/custom/root):


10-# mount -t proc none /proc/ 
11-# mount -t sysfs none /sys/ 


12-# export HOME=/root 


aptitude vs. apt-get 


Note that I’m using apt-get here, rather than the more-sophisticated 
aptitude. This is because one of aptitude’s key features, the ability to 
delete packages that are no longer necessary automatically, can be 
dangerous when used on any system on which packages have been 
installed by any tool other than aptitude. 


Because aptitude maintains its own database of installation histories,
it can miss key dependencies in this context and remove packages
that you do, in fact, need. Therefore, you should use aptitude only to
remove programs that you installed with aptitude. If you later need to
undo an installation that included automatically installed
dependencies, you can use apt-get autoremove <packagename> to achieve
the same thing.


Note that the prompts in my examples have
switched to # from $, indicating that you're now 
running in a root shell. This is necessary, because 
you'll need to be root in order to exit the chroot jail 
you've voluntarily entered. 

Now you're ready to customize. This is the part 
when you don’t necessarily need my help; you can 
be creative. For example purposes though, let's 
make some space for new packages and update the 
ones that are left. 

What are you going to use your new live CD for? 
Secure Web browsing using untrusted hardware isn’t 
a bad start. You shouldn't need OpenOffice.org for 
that, and it takes up something like 85MB of your 
compressed squashfs image (remember, a standard 
CD ISO can’t be larger than 650MB). 

You can remove OpenOffice.org, plus a couple 
of things upon which only OpenOffice.org depends, 
like this: 


13-# apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' |grep openoffice`


Did you notice the embedded dpkg-query...|grep... command? It queries
the root filesystem's deb-package database for a complete list of
installed packages. The output of this is piped through a grep search
for the string “openoffice”. You can use the command in line 13 to
find and purge other groups of packages by simply changing the grep
query.

Suppose you also want to get rid of The GIMP, which takes up more than
6.5MB (after compression) on your live CD image. So, swap out the
string “openoffice” in the previous command with “gimp”, like this:


14-# apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' |grep gimp`


Other good candidates for removal include non- 
English language packs (which take up anywhere 
from 0.5-1.5MB compressed), and multimedia 
applications such as Rhythmbox, totem and sound- 
juicer, which take up a few megabytes each, even 
after compression, and are unlikely to be useful for 
security purposes. 

Decide for yourself. Browse through the list of 
installed packages with a quick aptitude search 
~i |less. If you mistakenly purge something you 
decide you actually need, you always can exit the 
chroot jail and re-execute the rsync command on 
line 06. 

So, now you've made room for your custom toolkit. If you want to use
your live CD for anonymous Web surfing, you may want to install Tor
and Privoxy. First, you need to update your custom root filesystem's
package database to synchronize it with the sources.list file you
copied over in line 08:


15-# apt-get update 


Now, you can use apt-get install just as you would on any other live
system to install your custom packages:


16-# apt-get install tor privoxy 


As a professional paranoiac, I'd be remiss if I didn't point out that
both of these packages are from Ubuntu's universe repository, and as
such, they aren't provided with the same level of support as packages
in the main and restricted repositories, although the Ubuntu MOTU
Security Team does its best to keep up with security patches. This is
a trade-off you'll probably find yourself making frequently, however.
As I pointed out in my column in the March 2008 issue, many of
Ubuntu's most useful security utilities are available only in the
universe and multiverse repositories.


After you've installed your custom applications, make sure your entire
system is fully patched. As with any other Ubuntu (or other
Debian-based) system, you can use apt-get dist-upgrade. Because this
will result in quite a bit of updates being downloaded and installed,
and because space is at a premium on our ISO image, immediately follow
the upgrade with a clean:


17-# apt-get dist-upgrade 
18-# apt-get clean 


Come to think of it, this one step—upgrading 
the live CD's packages—may be the only security- 
related reason you need to customize your live CD. 
Applying security patches is that important! 

There's just one more thing to do before packing up your new ISO:
custom configuration. You may want to edit the hosts or resolv.conf
files you copied over before (or, after exiting the chroot jail, you
simply may want to copy over them with the originals from
/isonew/squashfs/etc). You may want to preconfigure Tor by editing
/etc/tor/torrc and /etc/tor/tor-socks.conf, and Privoxy via the files
in /etc/privoxy.


COLUMNS » PARANOID PENGUIN


Appendix


Here's the complete procedure, in the form of a raw list of all
commands described in this article. The $ prompt indicates commands
executed as an unprivileged user, and the # prompt shows commands that
are executed by root.


00-$ dd if=/dev/cdrom of=./ubuntu-7.10-desktop-i386.iso
01-$ mkdir -p ./isomount ./isonew/squashfs ./isonew/cd ./isonew/custom
02-$ sudo mount -o loop ./ubuntu-7.10-desktop-i386.iso ./isomount/
03-$ rsync --exclude=/casper/filesystem.squashfs -a ./isomount/ ./isonew/cd
04-$ sudo modprobe squashfs
05-$ sudo mount -t squashfs -o loop ./isomount/casper/filesystem.squashfs ./isonew/squashfs/
06-$ sudo rsync -a ./isonew/squashfs/ ./isonew/custom
07-$ sudo cp /etc/resolv.conf /etc/hosts ./isonew/custom/etc/
08-$ sudo cp /etc/apt/sources.list ./isonew/custom/etc/apt/
09-$ sudo chroot ./isonew/custom
10-# mount -t proc none /proc/
11-# mount -t sysfs none /sys/
12-# export HOME=/root
13-# apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' |grep openoffice`
14-# apt-get remove --purge `dpkg-query -W --showformat='${Package}\n' |grep gimp`
15-# apt-get update
16-# apt-get install tor privoxy
17-# apt-get dist-upgrade
18-# apt-get clean
19-# rm -rf /tmp/*
20-# umount /proc/
21-# umount /sys/
22-# exit
23-$ chmod +w ./isonew/cd/casper/filesystem.manifest
24-$ sudo chroot ./isonew/custom dpkg-query -W --showformat='${Package} ${Version}\n' > ./isonew/cd/casper/filesystem.manifest
25-$ sudo cp ./isonew/cd/casper/filesystem.manifest ./isonew/cd/casper/filesystem.manifest-desktop
26-$ sudo mksquashfs ./isonew/custom ./isonew/cd/casper/filesystem.squashfs
27-$ sudo rm ./isonew/cd/md5sum.txt
28-$ sudo -s
29-# cd ./isonew/cd
30-# find . -type f -print0 | xargs -0 md5sum > md5sum.txt
31-# exit
32-$ cd ./isonew/cd
33-$ sudo mkisofs -r -V "Ubuntu-Live-PrivateSurf" -b isolinux/isolinux.bin -c isolinux/boot.cat -cache-inodes -J -l -no-emul-boot -boot-load-size 4 -boot-info-table -o ~/Ubuntu-Live-7.10-PrivateSurf.iso .

As with removing and installing packages, this 
process is the same as on any other system: fire up 
your (non-GUI) text editor of choice (nano, vi and 
ed are all present in the standard Ubuntu ISO), and 
edit anything that needs editing. 

Are you done customizing? If so, you can take your Red Pill and exit
the Matrix—I mean, the chroot jail. On your way out, empty the /tmp
directory, and unmount the chrooted /proc and /sys filesystems:


19-# rm -rf /tmp/* 
20-# umount /proc/ 
21-# umount /sys/ 


22-# exit 


You're back in reality (at least, back in your 
previous working directory on the underlying 
system). Before you pack up your ISO, you'll have 
to build a new manifest file (a list of all packages 
in the new live CD root filesystem), recompress 
the customized root filesystem into a squashfs 
file and regenerate the md5sum of your live 
CD files. 


First, to rebuild your manifest file:


23-$ chmod +w ./isonew/cd/casper/filesystem.manifest

24-$ sudo chroot ./isonew/custom dpkg-query -W --showformat='${Package} ${Version}\n' > ./isonew/cd/casper/filesystem.manifest

25-$ sudo cp ./isonew/cd/casper/filesystem.manifest ./isonew/cd/casper/filesystem.manifest-desktop


In line 23, you made the old manifest file writeable, so you could
copy over it. In line 24, you temporarily popped back into the root
filesystem chroot jail to generate the package list with dpkg-query.
And in line 25, you copied the new manifest into an identical file
called filesystem.manifest-desktop.

Now you can resquash your root filesystem:


26-$ sudo mksquashfs ./isonew/custom ./isonew/cd/casper/filesystem.squashfs


If you like, you can edit the DISCNAME parameter in the file
./isonew/README.diskdefines. Regardless, next you should regenerate
your live CD's md5sum, so you can detect tampering later on:


27-$ sudo rm ./isonew/cd/md5sum.txt
28-$ sudo -s
29-# cd ./isonew/cd
30-# find . -type f -print0 | xargs -0 md5sum > md5sum.txt
31-# exit


And, you've reached the final step. Now you can write your finished
ISO image file:


32-$ cd ./isonew/cd

33-$ sudo mkisofs -r -V "Ubuntu-Live-PrivateSurf" -b isolinux/isolinux.bin -c isolinux/boot.cat -cache-inodes -J -l -no-emul-boot -boot-load-size 4 -boot-info-table -o ~/Ubuntu-Live-7.10-PrivateSurf.iso .


Your home directory now contains a new customized live CD ISO file,
named Ubuntu-Live-7.10-PrivateSurf.iso. You can boot it directly from
hard disk using VMware, QEMU or some other virtualization engine to
test it. Or, of course, simply burn it to CD using your CD-writing
utility of choice.
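The md5sum step (lines 27-31) carried through to the later check it is meant to enable, as an added example that is not part of the original column. The function names and the small stand-in tree are constructed; the build step leaves md5sum.txt out of its own listing so a later verification does not trip over the manifest itself.

```shell
#!/bin/sh
# Added example, not from the article. Function names and the sample
# tree are constructed; md5sum, find and xargs are the tools of line 30.

# build_manifest DIR: write DIR/md5sum.txt for every regular file in
# DIR except the manifest itself.
build_manifest()
{
  (
    cd "$1" || exit 2
    tmp=$(mktemp) || exit 2
    # Hash into a temporary file outside DIR, so a half-written
    # md5sum.txt is never hashed along with the real content.
    if find . -type f ! -path ./md5sum.txt -print0 | xargs -0 -r md5sum > "$tmp"
    then
      cat "$tmp" > md5sum.txt
      rm -f "$tmp"
    else
      rm -f "$tmp"
      exit 2
    fi
  )
}

# verify_manifest DIR: report files that changed, vanished or were
# added since the manifest was built. Returns 0 only for a clean tree.
verify_manifest()
{
  (
    cd "$1" || exit 2
    [ -f md5sum.txt ] || { echo "no md5sum.txt in $1" >&2 ; exit 2 ; }
    status=0

    # md5sum -c prints "name: OK" or "name: FAILED" for each entry.
    report=$(md5sum -c md5sum.txt 2> /dev/null) || status=1
    printf '%s\n' "$report" | sed -e '/: OK$/d' -e '/^$/d'

    # Files on disk but absent from the manifest. A name starts at
    # column 35: 32 hex digits plus a two-character separator.
    extra=$(find . -type f ! -path ./md5sum.txt | while IFS= read -r f
      do
        cut -c35- md5sum.txt | grep -Fxq -- "$f" || echo "$f: NOT IN MANIFEST"
      done)
    if [ -n "$extra" ] ; then
      printf '%s\n' "$extra"
      status=1
    fi
    exit "$status"
  )
}

# Constructed demo: a tiny stand-in for ./isonew/cd.
demo_manifest()
{
  cd_tree=$(mktemp -d) || return 1
  mkdir -p "$cd_tree/casper" "$cd_tree/isolinux"
  echo "constructed squashfs stand-in" > "$cd_tree/casper/filesystem.squashfs"
  echo "constructed boot stand-in" > "$cd_tree/isolinux/isolinux.bin"

  build_manifest "$cd_tree"
  verify_manifest "$cd_tree" ; echo "fresh tree:   $?"

  echo "modified after the build" >> "$cd_tree/casper/filesystem.squashfs"
  echo "dropped in later" > "$cd_tree/casper/extra.bin"
  verify_manifest "$cd_tree" ; echo "altered tree: $?"
  rm -rf "$cd_tree"
}

demo_manifest
```

A manifest stored on the disc it describes catches corruption and careless edits, but anyone able to rewrite the image can regenerate md5sum.txt too, so keep a hash of the finished ISO somewhere the disc cannot reach.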


Conclusion 
You've now got the basic technique for customizing an Ubuntu live CD.
Although I didn't go into much depth showing actual customizations
beyond removing and adding packages, I'll continue this series next
time with detailed guidance on bundling and preconfiguring specific
security tools into your live CD.

Until then, have fun experimenting with live CDs, and of course, be
safe!


Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for one
of the US's largest banks. He is the author of the O'Reilly book Linux Server
Security, 2nd edition (formerly called Building Secure Servers With Linux), an
occasional presenter at information security conferences and composer of the
“Network Engineering Polka”.


Resources 


Debuntu.org's “Customize Your Ubuntu Live CD” Tutorial:
www.debuntu.org/how-to-customize-your-ubuntu-live-cd

Jeffery Douglas Waddel's “Secure Boot CDs for VPN HOWTO”:
www.linux.org/docs/ldp/howto/Secure-BootCD-VPN-HOWTO.html

Daniel Barlow's “Building Your Own Live CD”:
www.linuxjournal.com/article/7246




KYLE RANKIN 


Last-Minute Secondary Mail Server


Is your primary mail server down with no spare set up? Find out
how to set up a quick-and-dirty secondary mail server to tide you
over until the primary is back.


It's easy to build redundant systems when time and money are
limitless. When you have neither, or you are designing a personal
system, often backups and redundancy are parts of the project you plan
to get to on a rainy day. Of course, inevitably you put those tasks
off until the main system fails, and then you scramble to pick up the
pieces. Setting up RAID and doing backups, in fact, are probably the
most common examples of these do-it-on-a-rainy-day tasks (and if you
haven't heard yet, they are not the same thing). We all know we should
back up important data, and we should set up a RAID on that important
file server, and by now, enough of us have been bitten by that mistake
that I'm not going to talk about either today. Instead, I'm going to
talk about one of those services that gets less attention: your mail
server.




It is important to have a backup mail server, but whether you work for
a small company, or you administer your own personal mail server, you
might not have gotten around to a secondary mail relay. Then, disaster
strikes. It could be that the primary mail server's hardware failed,
or maybe it was hacked. In either case, it is going to be down for a
few days. In the meantime, you still would like to be able to send and
receive e-mail. In this column, I cover a few easy, and more
important, quick steps to create a secondary mail relay to tide you
over until the primary can come back on-line.

Now, my preferred method for an emergency mail server uses a Knoppix
disc. I always have one around somewhere, and because I can install
just about any software I need on the live CD, it is ideal when I need
a basic Linux system fast. I can just locate a spare machine, boot
Knoppix on it, and set up my server. When the emergency is over, I can
shut it off with no commitment.

Then again, you might want to make this secondary mail server a bit
more permanent. These same steps will work just fine on any ordinary
Linux system that has postfix available.

Before you perform any steps, be sure to 
choose a server that has enough storage to store 
your mail. This number varies based on your 
e-mail traffic and the number of clients on the 
server, but the machine will need to store all 
incoming mail locally until the primary server 
comes back up. So, if you get 50MB of mail each 
day and plan for the primary to be down for three 
days, you should have at least 150MB of spare 
storage for the mail spool in /var/spool/postfix 
plus extra, just in case. If you don’t have enough 
spare storage or you use Knoppix for this, mount 
an extra partition, create a postfix directory on it 
and symlink /var/spool/postfix to it. 

Now that you have chosen a server, the first step is to install
postfix. Postfix is a common package and should be available for any
major Linux distribution you use. On Debian-based systems, the
installation process automatically runs a configuration script to set
up a reasonable default config. If you do run into this script, choose
the “Internet Site” configuration type and accept the rest of the
defaults in the script. Alternatively, you can copy a default
configuration that ships with your postfix package or run it through a
configuration script your distribution includes.

Once postfix is installed, you need to tweak the default configuration
so that it can act as your mail relay. Postfix makes this pretty
simple, and you need to worry about only a few configuration options.
Edit the /etc/postfix/main.cf file, and locate a line called
mynetworks. This option tells postfix for which networks to relay
mail. Ideally, you should set this only for internal networks or
specific external hosts you trust will not relay spam through your
system. If you allow all networks, you have just turned your system
into an open relay and will likely find yourself on a spam black-hole
list in no time. If your local network is 192.168.1.x, for instance,
you would add an entry for that and for localhost:


mynetworks = 127.0.0.0/8, 192.168.1.0/24 


Next, you need to tell postfix for which incoming 
domains it will accept mail for relay. This variable 
will be set to any domains for which you accept 
incoming mail. So, if you own example.com and 
example.org, for instance, you would add: 


relay_domains = example.com, example.org 


You even can act as a secondary mail server for 
friends. Simply add their domains here as well, and 
your mail server will accept incoming mail to those 
domains and then forward it to the appropriate 
primary mail server. How does it know which server 
to use? It relies on DNS, which I discuss shortly. 

The final postfix options to change tell postfix 
how long to spool and attempt to deliver mail 
before it bounces it. By default, postfix queues mail 
for three days, and during that time, it continuously 
attempts delivery. After three days, postfix bounces 
the mail and sends an e-mail notification to the 
sender that the e-mail could not be delivered. If 
your primary server is going to be down for a few 
days, you probably will want to extend this default. 
Locate the following values (or add them if they 
aren't defined) in /etc/postfix/main.cf, and edit them 
so they look like the following: 


bounce_queue_lifetime = 14d 
maximal_queue_lifetime = 14d 


Here I increased the maximum time to 14 days, 
but you can change it to a value that makes sense 
for you. Generally, you don't want to hold on to 
e-mail for too long, as senders likely will want 
to know eventually if their e-mail could not be 
delivered. Once these options are changed, type 
/etc/init.d/postfix start to start the service, 
or type /etc/init.d/postfix reload, if postfix 
already is running. 
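
A check for the three main.cf settings above, as an added example (not code from the article or from Postfix): it parses a main.cf, flags mynetworks entries that would make the host an open relay, and compares relay_domains and the queue lifetimes with the domains and outage length you planned for. The sample config, the function names and the choice of loopback plus RFC 1918/ULA ranges as "internal" are assumptions.

```python
import ipaddress
import re

# Constructed sample main.cf for a backup MX; not taken from the article.
SAMPLE_MAIN_CF = """\
# secondary MX for example.com and example.org
mynetworks = 127.0.0.0/8, 192.168.1.0/24,
    0.0.0.0/0 203.0.113.25
relay_domains = example.com
maximal_queue_lifetime = 2d
bounce_queue_lifetime = 14d
"""

# Ranges this example treats as "internal" (an assumption): loopback, RFC 1918, ULA.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_main_cf(text):
    """Return {name: value}; joins continuation lines, a later setting wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace() and current:  # leading whitespace continues the line
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def split_list(value):
    """Split a comma- and/or whitespace-separated main.cf list."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def lifetime_seconds(value):
    """Convert a time value such as '14d'; a bare number counts as days."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"unparseable time value: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2) or "d"]


def classify_network(entry):
    """Return 'open', 'internal', 'external' or 'unchecked' for one entry."""
    try:
        net = ipaddress.ip_network(
            entry.replace("[", "").replace("]", ""), strict=False)
    except ValueError:
        return "unchecked"    # file path, lookup table or !exclusion
    if net.prefixlen == 0:
        return "open"         # every address on the Internet may relay
    if any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
        return "internal"
    return "external"


def audit(text, outage_days, domains):
    """Return (severity, message) findings for a backup-MX main.cf."""
    p = parse_main_cf(text)
    findings = []
    for entry in split_list(p.get("mynetworks", "")):
        kind = classify_network(entry)
        if kind == "open":
            findings.append(("CRITICAL",
                             f"mynetworks {entry}: relays for all networks (open relay)"))
        elif kind == "external":
            findings.append(("REVIEW",
                             f"mynetworks {entry}: external, confirm it is a trusted host"))
        elif kind == "unchecked":
            findings.append(("REVIEW",
                             f"mynetworks {entry}: not an address, check by hand"))
    relayed = {d.lower() for d in split_list(p.get("relay_domains", ""))}
    for domain in domains:
        if domain.lower() not in relayed:
            findings.append(("WARN",
                             f"relay_domains lacks {domain}: its mail is not accepted for relay"))
    for name in ("maximal_queue_lifetime", "bounce_queue_lifetime"):
        if name not in p:
            findings.append(("WARN", f"{name} not set: package default applies"))
        elif lifetime_seconds(p[name]) < outage_days * 86400:
            findings.append(("WARN",
                             f"{name} = {p[name]} is shorter than the {outage_days}-day outage"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_MAIN_CF, 3, ["example.com", "example.org"]):
        print(f"{severity:8} {message}")
```

To audit a live system, pass the contents of /etc/postfix/main.cf instead of the sample string.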

Next, test the server. Either configure your mail 
client to use this server as its SMTP gateway and 
then send an e-mail to your domain, or if you 
feel fancy, connect to port 25 on the server using 
Telnet, and type the raw SMTP commands. Check 
/var/log/mail.log or /var/log/maillog to confirm that 
postfix accepted and spooled your mail. 

The last step is to configure your DNS server so 
that it lists your new machine as a secondary mail 
server for your domain. Your DNS server should 
have at least one MX record defined that looks 
something like this: 


example.com. IN MX 100 mail1.example.com. 


If I created a new mail server and added its IP to 
DNS so that mail2.example.com pointed to it, I then 
would add the following line to my DNS zone: 


example.com. IN MX 200 mail2.example.com. 


Because I assigned mail2 a higher value (200) 
than mail1 (100), other mail servers know that 
mail1 is my primary and that mail ultimately will 
land there. However, if mail1 is unavailable, they 
know that they can attempt delivery on mail2 
(and some mail servers attempt mail delivery on 
secondary servers first anyway). Once my DNS 
zone is reloaded, mail that has been queued up 
on remote servers ever since mail1 went down 
should start being delivered to mail2. Be sure to 
add this DNS entry for any domains you added in 
the relay_domains option. It also may go without 
saying, but be sure that mail2.example.com 
points to an external IP address that lands on 
your mail server. 

As this server runs, monitor its storage to 


make sure you have plenty for new incoming 
mail. You also can run the mailq command to 
see all the queued messages. Once your primary 
server comes back up, postfix will start delivering 
its queued messages automatically (it actually 
will have been attempting it the entire time). By 
default, postfix will throttle this delivery so it 
doesn't flood the primary mail server, but if you 
want all of the queued e-mail delivered immedi- 
ately, type postqueue -f. 

With the primary machine back up, you might 
want to take down this temporary machine or at 
least work on a more permanent solution. If you do 
take it down, be sure to remove its MX record from 
all your DNS servers. You do have redundant DNS 
servers, right? 


Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and 
the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for 
O'Reilly Media. He is currently the president of the North Bay Linux Users’ Group. 
NEW PRODUCTS 


Norman Matloff and P.J. Salzman’s 
Debugging with GDB/DDD (No Starch Press) 


The new book Debugging with GDB/DDD by Norman Matloff and P.J. Salzman, published by No Starch 

Press, highlights the importance of debugging to successful software development. Focusing on GDB, a 
popular open-source debugger, the book shows developers how to reduce the time they spend finding and 
fixing programming errors. Debugging’s approach is to apply a range of real-world coding errors, from 
simple typos to major logical blunders, to illustrate how to manage memory, understand core dumps and 
trace programming errors to their root causes. The book also covers topics missing from other debugging 
books, such as threaded, server/client, GUI and parallel programming. 


www.nostarch.com 


Cohesive Flexible Technologies’ 
Elastic Server On-Demand 
Community Edition 


Fresh out of beta is Cohesive Flexible Technologies’ Elastic Server On-Demand 
(ESOD) Community Edition virtualization platform. The product is a free Internet 
platform for independent developers and individual enterprise developers to take 
advantage of virtualization and cloud computing utilities like Amazon's Elastic 
Compute Cloud. Users can “take their application stack ‘recipes’, capture them, 
and reproduce them as virtual servers rapidly and automatically”, says CohesiveFT’s 
CTO. The firm claims to be the “first service to offer developers and operations 
complete control of their server assembly, independent of which virtualization or 
cloud technology they require.” The ESOD Community Edition is free to use and is 
intended for individual developers and noncommercial, nonproduction use. 


www.cohesiveft.com 


TotalView Technologies’ Workbench Manager 


Adding to its rich portfolio of debugging tools, TotalView Technologies has released 
Workbench Manager, an application that allows developers to create an integrated, 
cohesive view of the development and debugging work-flow process. One can 
manage any version of TotalView Debugger, MemoryScape memory debugger and 
any third-party application used for development and debugging, all from a single 
dashboard-like GUI. As a result, you easily can integrate both commercial and 
open-source tools in your toolchain. TotalView Technologies’ products can be used 
to debug Linux, Mac OS X and UNIX applications running on development 
machines with single, dual-core, multicore or multiple processors. 


www.totalviewtech.com 


Gary E. Sherman's Desktop GIS 
(Pragmatic Bookshelf) 


A book on a specific Linux topic typically means it's on the cusp of breaking out. Such is 
the case with Geographic Information Systems (GIS), the focus of the new book Desktop 
GIS: Mapping the Planet with Open Source Tools by Gary E. Sherman and the Pragmatic 
Bookshelf. The book's purpose is to help you deal with the issues involved in assembling 
your GIS toolkit, such as choosing the right platform and tools, dealing with integration 
issues and getting support. Sherman introduces the main open-source applications, such 
as GRASS, Quantum GIS, uDig and others, and also delves into scripting with various 
languages. The author is the founder of the Quantum GIS Project. 


www.pragprog.com 




Softintegration’s Ch and Embedded Ch 


New on the development scene are Softintegration’s Ch 6.0 and Embedded Ch 6.0, interpreters for 

cross-platform scripting, 2-D/3-D plotting, numerical computing, shell programming and embedded 

scripting. New features in v6.0 include debugging capability, a user-friendly IDE for teaching/learning 
programming (in the Professional Edition) and new plotting features, including multiple coordinates 

and new plotting types. Ch and Embedded Ch are available for Linux x86, Linux PPC, Windows, 

Mac OS X, Solaris, HP-UX, FreeBSD and QNX Neutrino RTOS. 


www.softintegration.com 


ADLINK Technology's ALS-3206 Rackmount 
Network Security Platform 


ADLINK Technology has just beefed up your options for network security, 
adding the ALS-3206 Rackmount Network Security Platform to its solutions 
palette. The ALS-3206 series is billed as a flexible, mid-range, cost-effective 
solution for IDS, IPS, UTM, firewall, VPN gateway, load balancing and traffic- 
mining applications. The line further supports several Intel processors and 
chipsets and provides six gigabit Ethernet ports, one PCI extension slot and two configurable PCI-X slots. One of the PCI-X extension slots 
can be configured to extend a four-port gigabit Ethernet card and the other to extend a network security accelerator. This combination 
of features is suited, says ADLINK, for antivirus software security, content security and PKI software applications. 


www.adlinktech.com 


Open-Xchange Community Edition 


You can feel the trembling emanating from Redmond after Open-Xchange’s 
announcement of its newly GPL'd Open-Xchange Community Edition (OXCE). 
Open-Xchange calls OXCE “the only remaining independent open-source 
alternative to Microsoft Exchange” and offers the necessary tools to facilitate 
communication and teamwork: e-mail, calendaring, contacts, tasks and docu- 
ment sharing. The company further cites its intuitive tools and intelligent fea- 
tures, such as smart links between calendar appointments, task lists, contacts, 
documents, bookmarks, knowledge articles and Ajax-based mashup capabili- 
ties by Netvibes’ Universal Widget API (UWA). Initially, OXCE is available for 
Debian and Ubuntu, with additional Linux distribution support coming later. 


www.open-xchange.com 


Sybase’s Adaptive Server Enterprise Cluster Edition 


If downtime ain’t an option for your database, Sybase hopes you'll deploy its 
new Adaptive Server Enterprise (ASE) Cluster Edition. The technology enables 
enterprises to deploy database environments across shared servers in a clus- 
ter, which offers the added benefit of optimal service through events such as 
system failures, peak loads and planned maintenance. In addition, Sybase’s 
product allows for savings in hardware and power costs through optimal 
resource utilization. Another technology, Virtualized Resource Management, 
supplies application workloads with a virtual view of the physical cluster that 
can be changed dynamically on demand. ASE Cluster Edition is available for Red Hat and SUSE Linux, as well as 64-bit Solaris. 


www.sybase.com/clusters 


Please send information about releases of Linux-related products to James Gray at newproducts@linuxjournal.com or New Products 


c/o Linux Journal, 1752 NW Market Street, #200, Seattle, WA 98107. Submissions are edited for length and content. 
REVIEW 


HARDWARE 


An Ideal Appliance? 


Inside the Teak 3018 DAN SAWYER AND D.N. LYNX CROWE 


AR Infotek’s new entry into the net- 
work security appliance market is the 
Teak 3018, which the AR Infotek Web 
site bills as having “...reliable high per- 
formance that meets trusted wireless 
network security appliance requirements 
in ROBO (Remote Office, Branch Office), 
SOHO (Small Office, Home Office), SMB 
(Small/Medium Business) environments.” 
That was part of the announcement 
that ran in all the Linux hardware rags 
in December ‘07 and January ‘08. A 
small, low-profile, hackable fanless 
box, the Teak 3018 looked to be a 
great entry into the realm of appliance 
hardware. It promoted itself as a solid 
platform with excellent capabilities, 
good security and an all-around solu- 
tion for SOHO network security woes. 
We laid our grubby little paws on a 
pair of them and dug deep inside 
to answer some important questions 
about them: 


1. Are they, as the press releases imply, 
consumer appliances, or are they 
something else? 


2. Do they perform as advertised? 


3. What other nefarious ends might 
they be put to by the intrepid 
hardware hacker? 


After a lot of delving, digging, hacking 
and cataloging, I bring you the 
good, the bad, and the ugly of this 
unassuming-looking little brown box. 


The Good 

The Teak 3018 is compact, unobtrusive 
and looks pretty spiffy sitting on fash- 
ionable bookshelves—mostly because, 
unlike the rather gaudy Linksys firewalls, 
it stays out of the way, visually speak- 
ing. The whole thing, both in its design 
and implementation, is (as designed) 
fairly hospitable to Linux hackers. The 
CPU chipset and peripheral components 
are all well supported by the kernel, but 
just in case you're installing a distro 
that doesn’t have the right drivers, it 
includes the source for the kernel 
modules and device drivers on the 
included SDK CD-ROM. 

Under the hood, the Teak is a low-power x86 system. Specifically, it’s a 
500MHz AMD Geode LX-800 processor with the CS5536 companion device, 
equipped with 128-512MB of DDR RAM (128MB standard) soldered onto 
the motherboard. It sports a CompactFlash socket and a 2.5" hard drive bay 
with an Ultra DMA 66/100 IDE controller for your internal storage needs, 
as well as two OHCI-compliant USB 2.0 ports. A serial COM port gives auxiliary 
access for those wishing to hook up extra peripherals, such as a Linux console 
or a home automation device, while four 10/100Mbps auto-switching 
Ethernet ports—two of which have a hardware bridge that keeps your network 
signals traveling through the box in case of power failure—and a pair of 
Wi-Fi aerials hooked up to an Atheros 5004X SuperAG 802.11a/b/g chipset-based 
Wi-Fi module round out the feature set. Further icing on the cake is 
a watchdog timer, which can cause the system to reboot automatically if the 
software crashes. 

The box the Teak sits in is sturdily built. Everything is securely bolted 
down. The top slides off easily after you remove just four screws, and the 
quality of the external design is a cut above—not only is it unobtrusive as 
previously mentioned, it also has a reset switch on the front, rather than 
hidden around back as is common on most SOHO network appliances. A 
front panel mounted set of four system status lights, and a pair of status 
lights located by each Ethernet port, let you verify the operation of your 
system as well. The power supply—external, to help maintain the fanlessness 
and keep the case quiet—has all the proper international safety certifications 
and provides very clean power from a wide range of power sources. 


Table 1. Uses for the Teak 

Use                           Feasible?                    Notes 
Router                        Possibly as a subnet router  Too few ports to be really useful as a general-purpose router. 
Gateway                       Yes 
Access pointers               Uncertain                    It's hard to tell from the documentation what is meant by “access pointers”. 
VPN endpoint                  Yes                          Hardware AES encryption is a plus. 
Firewall                      Yes 
Antivirus filter              Yes 
Antispam filter               Yes 
Intrusion detection system    Yes 
Content filtering             Yes 
Bandwidth management device   Yes 

Of course, with a setup like that in 
an easily accessible box, you can build 
pretty much anything you like. AR 
Infotek’s marketing and press releases 
for the 3018 pitch it as a network secu- 
rity appliance, but with that kind of 
open hardware sitting under the hood, 
you can make it sit up and do tricks 
with a little bit of work. Still, what 
review would be complete without a 
good look at whether the machine 
can do what it says it’s supposed to 
be able to do? 

The manual suggests a number of 
uses for the box, most of which are 
actually doable. 

The hardware itself meets all the 
trusted wireless network security 
appliance requirements for ROBO, 
SOHO and SMB environments, with 
the AES encryption standard supported 
in hardware. 

There are a few other interesting little 
tricks up the Teak’s sleeve. The system 
is built on a commodity motherboard, 
which means it not only runs a 
standard Phoenix BIOS, but it also has a 
sound chip and, because it's an AMD 
chipset with an ATI graphics package, 
a video capture chip. Although the 
pinouts for the video capture hardware 
and the sound hardware aren’t docu- 
mented in the manual, they may be 
among the undocumented functions of 
J12. This isn't the kind of board that 
can easily be hacked up by a hardware 
hacker with a soldering iron—multilayer 
boards with flat packs aren't really 
designed for that sort of thing. If the 
interface pins were brought out onto 
pads or connectors, that'd be another 
thing entirely, but as it stands, some of 
the more interesting functions of the 
Geode chipset are inaccessible. 

So, is the Teak a “network security 


appliance” suitable for small-/medium-sized 
business, small office/home office and 
remote office/branch office applications? 

Unfortunately, that brings us to the 
bad part of the review. 


The Bad 

To put it bluntly, the Teak 3018 isn’t 
as advertised. The BIOS is its only 
firmware. No operating system, 
firewall, routing software or anything 
else that would qualify it as a “Network 
Security Appliance” comes with the 
box. The real story is that the 3018 

is simply a general-purpose platform 
that can be made into pretty much 
anything your geeky heart desires. 

Be that as it may, it isn’t anything 
out of the package but a bare-bones 
system. It’s not a network security 
“appliance” as delivered. It’s a system 
designed for OEMs to build into net- 
work security appliances. 

As an OEM system, the Teak pro- 
vides a good solid hardware platform, 
but it’s not without a few serious flaws. 
There are two basic classes of beefs 
I have with the thing: hardware problems 
and documentation issues. 


Hardware Problems 

Although the selection of the hard- 
ware that goes into the Teak is delib- 
erately Linux-friendly, the way the 
hardware is put together isn’t particu- 
larly impressive. To begin with, in both 
of the systems we received, the wire- 
less antenna wires were routed 
through the cooling fins on the CPU 
heat sink—not an auspicious way to 
string a thin-gauge coax, to say the 
least. Sharp bends over sharp edges 
not only abrade the insulation, they 
also mess with the impedance of the 
cable, which can cause RF signal loss 
and other nasty problems. 

The internal layout problems don’t 
stop there. The wireless chipset isn’t 
on the motherboard, but is instead 
plugged in via a MiniPCI wireless 
card, which sits on a riser card float- 
ing above the motherboard. This 
would be a fine arrangement if the 
card didn’t sit directly above the 
CompactFlash card slot and cover it 
so completely that it’s not possible 
to load or unload a CF card without 


pulling out the wireless apparatus. If 
you're wanting to use a hard drive 
instead of a CF card, you're still going 
to run into some trouble. The system 
includes a handy drive-mounting cage 
that will hold your 2.5" IDE drive 
almost exactly the right distance from 
the controller port for the included 
hard drive cable to reach. “Almost” is 
the keyword here. The supplied flat 
cable had been crimped into a rough 
cylinder by a pair of tie-wraps, leav- 
ing no slack in the cable and putting 
excess stress on both connectors. This 
isn't a good idea, as it introduces 
unnecessary failure points in the cable 
and connectors. 

The unit also includes an XVGA 
port that isn’t routed to the outside 
of the box, which is itself a fairly 
defensible decision in something 
intended to be a network appliance. 
However, there is no pre-scored 
punch-out for those who wish to add 
a video connection permanently to 
their product, perhaps as a real-time 
network status display. Note that 
only one XVGA cable and one SDK 
CD-ROM were supplied for the two 
units. This is most likely because this 
is an OEM product, and an OEM will 
usually need only one of each as 
samples and then duplicate them 
as needed for production. 


Documentation Problems 
Particularly vital to a piece of OEM hardware 
is good documentation. Here 
again, the Teak falls down. There is no 
hard-copy documentation, only a CD- 
ROM full of text files and PDFs (with no 
PDF reader included). 

The CD-ROM contains a slew of 
documentation for a wide range of 
models and is not particularly well orga- 
nized. What's worse, it doesn’t actually 
include some of the most important 
pieces of documentation on, for exam- 
ple, the motherboard, which you're left 
to find yourself on-line. Worse yet is 
that the documentation supplied for 
the Geode chipset is the preliminary 
set. The current documentation on 
the AMD Web site is at revision 2, 
and there are some significant changes 
from the preliminary docs. The CD-ROM 
itself doesn’t have a README file, and 
the package the Teak comes in doesn’t 
have a packing list, so there's no way to 
be sure that you've gotten everything 
you're supposed to unless, for example, 
you bought two or more of them. As an 
OEM company, that's not a problem, 
because it’s something that’s generally 
covered in the purchase order when the 
contract is negotiated, but if you’re 
ordering a single box to hack for your 
own personal project, you're going to 
have a hard time figuring out whether 
you got everything you were supposed 
to. See the sidebar for a packing list I 
built based on the two boxes I got for 
this review. 

Unfortunately, the documentation’s 
troubles don’t end there. 

The block diagram—essential for 
proper software and embedded system 
design—is scanned at a very low reso- 
lution. Hard to read on the included 
PDF, it becomes marginally legible 
when printed out. The block diagram 
itself is incomplete—the Wi-Fi module 
isn’t included on the generic block diagram, 
not to mention there's no indication 
that it’s plugged in to the MiniPCI 
slot. Neither the block diagram, nor 
the other documentation, indicates 
the type of Wi-Fi card—we identified it 
by looking at the labels on the chipset 
and finding the manufacturer details 
on the FCC Web site. 

There's also the curious matter of 
J12, a set of pin connectors on the 
motherboard that do something— 
what, you may ask? We haven't the 
foggiest idea. It may be for the video 
capture hardware, or it may be for the 
sound chip, or something else. There’s 
no way to tell—it’s not in the docu- 
mentation, and it’s not silk screened 
on the motherboard. 

Information on the BIOS—including 
any place to download updates— 
is also curiously absent from the doc- 
umentation. Meanwhile, on the CD- 
ROM, they do supply an audio driver 
compatible with the onboard audio 
chipset, while the location of the pins 
for accessing and wiring up the 
speaker/microphone/line-in ports to the 
audio hardware is curiously absent from 
all documentation. This is understand- 
able, as this is a network security appli- 
ance, not a general-purpose box. 

The specs for the box mention a 
BIOS ROM upgrade utility, but there’s 
no sign of it on the SDK CD-ROM. 
Teak Packing List 

- SDK CD-ROM full of documentation and drivers. 
- IDE cable. 
- Six feet of Ethernet cable. 
- Power cable and power supply (with proper international safety certs). 
- Two Wi-Fi antennae. 
- 9-pin-to-9-pin RS-232 male-to-male serial interface cable. 
- XVGA monitor cable to plug straight in to the motherboard. 
- Four screws, Phillips, presumably for mounting a hard drive. 


And then, there’s the GeodeROM documentation. AMD doesn't make 
the GeodeROM available, so why’s it there? Checking the AMD Web site, 
we found out that the GeodeROM documentation is supplied because it 
contains useful hints on how to make the best use of the chipset. 

The two boxes we got had an external label problem as well. The 
first box was labeled NSM-3018-1, while the second box had a label 
showing NSM-3018-7. We suspect this is a printer’s error on the second 
label, but there’s no way to be sure with what we were provided. 


The Ugly Verdict 

The ugly truth of the matter is that the AR Infotek Teak 3018 doesn't know 
very well what it’s trying to be. The marketing literature makes it look like it’s 
designed to compete with the sort of firewall/switch appliances that you get 
at your local computer shop, when in fact it’s an OEM device that is incomplete 
without a lot of tinkering. Presumably, it was designed to sell in 
large quantities to OEMs and VARs who will then install the appropriate add-ons 
to make it sing right out of the retail packaging, but if this is the case, the 
folks over at AR Infotek need to do a lot more work on improving their 
documentation and organizing it in a way that’s intelligible. It also could use some 
basic niceties like a packing list, a price guide, environmental specs and a 
readable block diagram. 

On the other hand, it’s a hardware 
platform that’s well suited to hack- 
ers—particularly hackers willing to do 
their own legwork and not rely on 
their hardware vendor to tell them 
what it is they’re actually buying. The 
possibility of teasing audio and video 
capture functionality out of a network 
appliance is interesting as well, raising 
the prospect of constructing low-end 
PVR for capturing content destined 
for one’s iPod rather than one’s TV. 
The careful selection of Linux-friendly 
hardware throughout and the inclu- 
sion of driver sources on the CD is 
another point in its favor for the hob- 
byist. We'd give it a B+ as an OEM 
product for network security, mostly 
for its inadequate documentation. 


Dan Sawyer is the founder of ArtisticWhispers Productions 
(www.artisticwhispers.com), a small audio/video studio in the 
San Francisco Bay Area. He has been an enthusiastic advocate 
for free and open-source software since the late 1990s, when 
he founded the Blenderwars filmmaking community 
(www.blenderwars.com). He currently is the host of “The 
Polyschizmatic Reprobates Hour”, a cultural commentary pod- 
cast, and “Sculpting God”, a science-fiction anthology podcast. 
Author contact information is available at www.jdsawyer.net. 


D.N. Lynx Crowe has been writing software and designing 
computer hardware for more than 42 years, mostly in the area 
of hard real-time embedded systems. He is cofounder and 
CTO of Missing Lynx Systems, Inc., a technology solutions 
company specializing in business consulting, system and 
product evaluations, and bleeding-edge research and devel- 
opment. He currently resides in the San Francisco Bay Area 
with two friends and six formerly feral cats. 
Pioneer Bob Frankston makes the case for liberating networking from 
telephone and cable companies. 

DOC SEARLS 


TELECOM AND THE INTERNET have always been strange bedfellows. 
On the one hand, we have an industry that’s been around for 171 years 
or more (dating from the first commercial telegraph), and on the other, 
we have something new with an “end-to-end” model that doesn’t 
require telecom at all to do what it does. 

Yet to most of us, Internet access is gravy on top of telephone and 
television service—part of a bundle that telcos and cablecos call a triple 
play. Never mind that telephony and video are all made up of the same 
bits. The carriers want us to think only in terms of familiar and expensive 
services such as television. 

In fact, these models are so highly familiar to our minds that we can hardly 
think of a world without them. Bob Frankston, however, insists that we should. 

Best known as the co-inventor (with Dan Bricklin) of the first electronic 
spreadsheet (VisiCalc) and as a prime mover behind home networking during 
his employ at Microsoft in the 1990s, Bob is presently putting his energies 
into urging us to see past telecom completely—and to start communicating 
for ourselves, in our own ways, free of telecom’s proprietary confines. 

In a way, Bob is playing the same role for connectivity that Richard M. 
Stallman started playing for software when he insisted that it be free. Like RMS, 
Bob comes from free-as-in-freedom rather than free-as-in-beer. He wants us to 
be free from forced dependency on big companies and big governments that 
put us in silos and tell us how to connect and communicate with one another. 
And, he wants us to be free from the thinking that has us accepting telecom as 
a way to frame the Internet and everything we do with it. 

Unlike RMS, however, Bob has no dogma, no manifesto, no canon. 
His thinking is too protean and broad for that. Instead, he writes and 
talks with energy as boundless as the possibilities he wishes to liberate 
by leaving telecom behind. 

Which is why we're here. I think what Bob says about telecom is of 
founding importance to the future of the Net. 

The interview that follows was conducted in January and February 
2008, and is a tiny fraction of the total words exchanged. Here's 
hoping our severe editing will not fail to keep Bob from opening your 
minds to the possibilities of Life Beyond Telecom. 
FEATURE Beyond Telecom 


DS: You like to talk about connectivity 
rather than communications. Why is that? 
BF: Connectivity is about relationships, 
while communications is what we do 
with those relationships. The power of 
today’s Internet comes from letting us 
focus on the relations and our ability to 
communicate rather than the twisting 
passages through telecom’s maze of 
copper, fiber and radios. 

The networks in our homes are a good 
example. You “just” print without worry 
about negotiating for the printing provider. 


DS: So the Internet should be a big 
home network? 

BF: Yes, but we need to be careful since 
the network emerges out of our net- 
working. Copper and radios are just a 
means we use. It’s like the difference 
between driving and buying a ride from a 
railroad. We should have infrastructure 
rather than a choice of whose services we 
must purchase. DIY must be an option! 


DS: Why the railroad analogy? 
BF: Because we're still thinking in 
railroad terms. The FCC (Federal 
Communications Commission) was partly 
an outgrowth of the ICC (Interstate 
Commerce Commission), which regulat- 
ed railroads. Given the opportunity— 
which they were—railroad owners 
became infamous robber barons. How 
different is that from today when phone 
companies charge you for the contents 
of your freight cars, rather than just for 
using the track? Take SMS, for example. 
It's just data—a small number of bits 
using idle capacity. Yet an SMS bit costs 
millions of times more than a video bit. 
They can charge that because, like 
the railroad barons, they use their control 
of the infrastructure to force us to buy 
vintage services at arbitrary prices. These 
are phone and cable companies with rail- 
road legacies. Not Internet companies. 
The importance of the Internet lies in 
the dynamic process by which a very sim- 
ple design decision made in the 1970s 
has become the defining infrastructure 
for the world. It's what happens when 
you give billions of people the opportunity 
to create their own solutions and share 
them. The infrastructure of telecom is not 
the infrastructure of networking. We 
must not confuse the two. The infrastruc- 
ture of telecom is about billing for scarcity. 
The infrastructure of networking is DIY 
and connecting anything to anything. 

DS: JP Rangaswami of British Telecom
(disclosure: I consult BT on open-source
strategy) says the core competence of 
telcos is billing. 

BF: That's true. And it’s their core cost 
as well. When the infrastructure was 
expensive, it made sense to account for 
each use of wires and switches. Today, 
those costs have vanished. Remember 
that the reason we pay for redundant 
broadband paths is to keep the bits in 
billable channels. Even on “TV” we still 
divide the “dial” into “channels” or 
dedicated frequency bands—a legacy of 
analog signaling. 


DS: And, why even bother with push- 
ing dozens to hundreds of streams 
down a “pipe”—because that’s what 
we call it now—when the user is watch- 
ing only one at a time, and in most 
cases, it’s not even a live program? 

BF: Yes! In fact, none of this analog 
baggage is necessary with digital signal- 
ing. Even the distinction between wired 
and wireless bits no longer makes 
sense. Why do we need megawatts to 
shout a signal over a distance from the 
tops of towers and mountains, when a 
few milliwatts in your living room or a 
street lamp can connect you to the 
whole Internet? 

Signaling on single frequencies is a 
legacy from the early days of radio. You 
had to be careful to avoid stepping on 
others’ signals. 802.11 puts the respon- 
sibility on the receiver and thus encourages 
innovation rather than caution. Why do 
we still use a system that requires a 
license to transmit? It's as if we weren't 
allowed to own anything blue because 
that color was taken. 


DS: So, what do we really need, if we 
don’t need telecom? 

BF: We need surprisingly little—just the 
means to do our own networking using 
our community's copper, fiber and 
radios. We first connect with our 
neighborhood and interconnect neigh- 
borhoods. We don’t “access” a far-off 
Internet. We internetwork. 


DS: I think the shift you’re looking for
has a good model with construction. 
That industry was born in 1833, when 
Augustine Taylor built St. Mary’s Church 
in Chicago. Taylor was the first to use 
what we now call 2x4s, 2x6s, studs and 
joists. He did it cheap and with amateur
volunteer carpenters. It caught on.
Suddenly just about anybody could frame 
and build anything. Old-time builders 
called it balloon construction, because 
they thought it would blow away. But it 
didn’t. Instead it revolutionized construc- 
tion by letting anybody build anything 
cheap. If you want to build Tudor, or 
Prairie, or an office or a cabin, you frame 
it up. As a result, construction is perhaps 
the largest industry in the world today. 
And, nobody “owns” it. So, what are the 
equivalents of 2x4s here? 
BF: In telecom, we already have it—bits 
(or packets). We can run bits over any 
physical (or virtual) transport and inter- 
pret them as we wish. So we can take 
copper, fiber and radios (CFR) and just 
treat them as interchangeable bit paths. 
Accountants have a term for this— 
fungible. You don’t have to maintain 
the identity of each kernel of corn—you 
just count them. Bits are bits. Telecom is 
about monetizing the path, but if bits 
are fungible, the paths are no longer 
special—it’s like rangeland versus small 
plots of land. 


DS: It's hard to give up the idea of
a network.

BF: We've already done that. Back in 
the 1980s, UUCP (Unix-to-Unix Copy) 
was a good example of networking 
without a network—just cooperating 
computers calling each other. As with 
the Internet, it was a learning experi- 
ence. Today we can do a far better job 
of networking if we aren't confined to 
broadband pipes. But the telcos are 
hooked on that confinement—and pro- 
viding it as a set of “services”. But, it's a 
losing proposition. By holding on to that 
model, they'll fail. They're like a monkey 
with its hand in a jar, unable to let go, 
even though that’s the only way they'll 
become free. 


DS: Haven't they made some progress? 
BF: Not enough to save them. Or us. 
Today they know that abundance creat- 
ed by fungible bits is their enemy, and 
it's only a matter of time before they 
lose control. Too bad we focus on fixing 
the symptoms—for example, by trying 
to bolt neutrality onto the artificial FCC 
Regulatorium. Instead, we should recog- 
nize the problem is one created by reg- 
ulations themselves—a product of the 
1930s depression era. The technology 
and fears of those times make no sense
these days. Yet we still accept that static
solution instead of what I call the
opportunity dynamic.

[Photo caption: Bob at Just One of His Desk Workstations]


DS: What is the opportunity dynamic? 
BF: We get Moore's Law-type hyper- 
growth by taking advantage of opportuni- 
ties rather than allowing only narrow solu- 
tions. The dynamic has worked so well 
that today, even the carriers can't afford 
their own network. They too are using
IP but insist on billing us as if they had
special gear for everything. It’s as if we 
had to put a 41-cent stamp on e-mail. 

If we are dependent upon the 
phone company meeting performance 
requirements, we pay a high price for 
our dependency. With the Internet, we 
discover what we can do with what is 
available. Even better, thanks to soft- 
ware, we can easily share the results 
with others. At first, you couldn't make 
phone calls over the Internet, but you 
could send e-mail. Finding value in what 
we had drove a dynamic till today we 
have an ocean of bits, and voice “just
works” thanks to statistics. It’s not
magic but a simple dynamic with 
demand actually creating supply, 
because we are taking advantage of 
available opportunities. 


DS: Is this, then, “Frankston’s Law”? 
BF: Yes, “Marketplaces that provide 
opportunity rather than just solutions 
allow demand to create supply.” It’s a 
generalization of Moore's Law. The bot- 
tom-line question is, “Why must everyone 
have to justify new ideas to a telephone 
company or, for that matter, to any inter- 
mediary?” The power of the end-to-end 
argument is that we can create solutions 
without depending on intermediaries. 


DS: What other ideas must we purge 
from our minds? 

BF: One is that infrastructure has to 
be expensive and owned by service 
providers. That's why we can never 
finish paying for it. The actual cost of 
copper, fiber and radios is far less than 
something as mundane as sidewalks. 


Imagine if sidewalks were a service. 

There are so many ways to redefine 
problems and come up with solutions 
that are far more valuable—even if we 
never solve the original problem. Who 
needs to make sure video signals arrive 
within a few milliseconds when we can 
buffer them and provide far higher quality 
than would be permitted by streaming? 

“Phone wire” carries just one phone 
call, but if you look at the physics of 
sending signals over copper, you'll realize 
that we've barely tapped the potential 
capacity. For example, we don’t need to 
think of them as isolated “pairs”. 


DS: We've seen this proven by the 
Internet, which was not created by 
telecom, even though we took advan- 
tage of telecom’s copper and circuits. 
BF: Yes, but we’re still being timid, 
because we're still using the prototype 
Internet, which still has legacy limitations. I
think of it as a class project done by friends
and colleagues. For me, it was exactly that. 
It's a nice demo, but still only a demo. 

FEATURE Beyond Telecom


DS: If it's a demo, what's it demonstrating? 
BF: The power of the end-to-end con- 
straint, of not depending on favors from 
a service provider. Of course, this breaks 
the fundamental presumption of the 
Regulatorium: that everything must be 
a billable service. 

Where we are now is like the con- 
tainer shipping business, back when it 
was starting to happen. The old ship- 
ping companies opposed it, but they 
didn't own the ocean. Now look at how 
much less shipping costs today. 

In The Box: How the Shipping 
Container Made the World Smaller 
and the World Economy Bigger, Marc 
Levinson notes that the incumbent 
shipping companies were unable to 
control the ocean and prevent container 
shipping from happening. 

Yet, the telcos have managed the 
amazing feat of controlling the ocean of 
bits. The problems with single frequency 
signals that I spoke about earlier provide
a reason to take the limitless potential 
of wireless communication and lock it 
into fictional channels! Amazing! 

This is perhaps the central issue: each 
of these bad decisions creates stakeholders 
who want to hold on to their own no 
matter what the harm done to society. 


few million to fund connectivity in Silicon 
Valley. That would drive the dynamic. 

The idea of owning the transport 
reminds me of the days when roads 
were privately owned and you had men 
with pikes collecting tolls. We've long 
since recognized that value in the roads, 
as with networks, is in what we do with 
them and not in the roads (or networks) 
themselves. But the legacy lives on in 
the word turnpike. 


DS: What about municipal Wi-Fi? 

BF: The idea is laudable, but all too 
often muni Wi-Fi is in the mold of 
another telco system. If we opened up 
access points, it would be a non-issue, 
and then we could discover what to do 
with what we already have! 


DS: Let's talk about history. You've 
been around since the early days of 
both Multics and UNIX. 

BF: Yes. In fact, UNIX came out of the 
Multics Project. Although Multics 
defined much of what we think of as 
computing today, it was captive to 
Honeywell's business model, which kept 
it far more expensive than it should 
have been. UNIX was inexpensive and, 
thus, gave users a chance to experiment 


hack—it was adequate for a prototype 
even though it created a dependency. 
Housekeeping was a problem, so the DNS 
was created to provide stable identifiers, 
only to fail because you don’t even own 
your name—your Iname. You lease it. 

Too bad we continue to try to shore 
up the scaffolding. IPv6, for example, 
focuses on the network, not on our 
ability to do networking ourselves. 

The 32-bit IP address was a shim in
the days when computers seemed 
immobile. The DNS was created to 
provide stable identifiers but failed. You 
can only lease your “identity”! 

We deliver physical mail to addresses. 
Even the Post Office is smarter than that. 
They know the address is a hint, but the 
destination is a person. 

The Internet ain't bad for a demo 
but far from what is possible if we take 
full control from the end. 


DS: You've been accused of trying to 
destroy all of telecom—or at least of 
disrupting it severely. Isn't that where 
you're headed here? 
BF: Disruption is a consequence and 
not a goal. For the most part, you want 
to get the benefit of community. 
Modems are an interesting example,


DS: Seems to me that Google gets the 
abundance side of the Net, today, no? 
BF: Not entirely true. It does benefit 
from being the largest ship on a rising 
sea (perhaps an uncomfortable metaphor 
these days). Its advertising revenue model 
decouples it from the particulars of tech- 
nology and the network. But, it seems to 
want to tether users to its service plat- 
forms. After all, an advertiser depends on 
delivering customers to buyers. 
Decoupling is important. This is why at 
Microsoft I made sure that home network-
ing was available as a technology rather 
than being treated as a profit center. It’s 
valuable because of what it enables. 


DS: What should Google do then? 

BF: Why not give away 100,000,000 
open access points instead of spending 
billions on the 700MHz spectrum auction?
It would cost less and benefit us all. Or, 
simply announce it is going to spend a 

with owning their own systems.

PCs took this a step further. I even
dispensed with operating systems when 
they got in the way. For a while, even 
UNIX was too much like an old-style 
mainframe. Things are different today— 
there is far more computing power, so 
we can afford to have operating systems. 

The demos have driven the dynamic. 
That’s what happened with early UNIX 
and the Internet. Imagine if we didn’t 
hobble ourselves with the presumption 
of scarcity. And, if we focused less on 
patching up today’s demo and more on 
taking advantage of connectivity. 


DS: Explain. 

BF: In order to build something that 
worked using 1970s and 1980s technolo- 
gy, we put in some scaffolding—today’s 
Internet backbone. Today, we've confused 
this scaffolding with essential infrastruc- 
ture. The 32-bit IP address was a clever 


because they were accused at the time 
of destroying the phone network by 
tying up all that gear. But the bad 
behavior drove a dynamic. It turns out 
the problem was not in trying to send 
the data, but in a network that tied up 
resources even if you were sending only 
a few bits. If it weren't for the common 
carriage laws (inherited from railroads), 
they could've banned modems—we’d
have never known about the Internet. 
The carriers actually had a digital 
alternative, ISDN, but it was too tied to 
their business model—meaning they 
charged too much for it. They used it to 
bring back per-minute charging—you 
paid even when idle! Analog telephony 
was “worse”, but due to an accident of 
history, analog phone service didn’t 
have the meter running, which meant 
we could stay on-line using dial-up! This 
shows how it is not about technology 
but how we think about opportunities. 


Today, we are enamored with broad- 
band—the new ISDN. And, like ISDN, it 
is technically better. But, like ISDN, it’s 
fatally tied to a business model that is in 
inherent conflict with providing abun- 
dance. It allowed us to innovate past 
the telcos, and for that reason, it was 
far better. Today, broadband plays the 
same role that ISDN did. 

The irony is that here too the copper 
wires provide a very cost-effective alterna- 
tive. If we focus on connectivity first, 
speed will come. DSL (the technology, not 
the service) is just a faster modem and 
can drive the dynamic. And, if we don’t 
care about controlling the path, we can 
use 802.11 to provide essentially 100% 
coverage with existing access points! 

Why not repeat history and first light 
up existing copper at modest speeds 
and modest cost and complement it 
with open access points? That will drive 
the dynamic while broadband is a dead 
fish trying to swim. 


DS: So here’s the pushback. For most 
people, the entire frame of reference is 
the devil we know. The Internet is bun- 
dled by the carriers with phone and 
television, as just another service. And 
this is seen as a Good Thing. Why are 
you looking to solve a problem most 
people don’t think they have? 

BF: I'm reminded of when Ben Franklin 
was visiting the Court of King George 
and realized there was no middle 
ground between American indepen- 
dence and British rule. 

We're not bargaining. We're refram- 
ing the problem. Bear in mind what 
Henry Ford said. If he’d asked customers 
what they wanted, they'd say, “faster 
horses”. VisiCalc happened because we 
took advantage of an opportunity. It was- 
n't that we set out to change the world. 
That was an accident. Who could have 
guessed? And no one even asked for it. 


DS: Speaking of opportunity, most of our 
readers are exactly the kind of people 
who aren't happy being slaves, and who 
might not want just faster horses. These 
are the folks who should want to take 
advantage of your opportunity dynamic. 
BF: That’s good. Now you need to 
remember that it takes many people try- 
ing many ideas to get something that 
changes everything. What can you do 
with the bits you have? I’m sure a lot of 
readers are already reprogramming their
access points, which are typically open-
source Linux boxes.


DS: Count on it. 

BF: Then it’s clear how the value is in 
how we use the network and not the net- 
work in itself. The network itself is a cost 
center. Why would carriers want that bur- 
den if they can’t use it to force us to buy 
services? They are in a trap. If they give us 
capacity, we won't need to pay for ser- 
vices. If the bits are fungible, they can’t bill 
us for them. They need to escape the 
Regulatorium rather than hope they can 
retire before it all comes to a head. 

So, rather than thinking of networks, 
we must think of common infrastructure 
paid for as such—it will cost less than 
nothing because we already have so 
much and haven't even taken advantage 
of what is already there. Why do cities 
even have phone bills or separate sys- 
tems for each service? 

Think of the savings if cities used 
this common infrastructure instead of 
separate ones for each purpose. 

Ultimately, I see a replay of divestiture.
But if the issue is forced, they can 
change. It would be fair for them to cut 
a deal with the FCC to get some money 
for their shareholders. After all, the FCC 
put them in an untenable situation. 


DS: Who, then, should own the 
physical infrastructure? 

BF: The physical infrastructure needs to 
be owned and operated locally, like 
roads and sidewalks. The longer we 
wait, the more jarring the correction.


Doc Searls is Senior Editor of Linux Journal. He is also a 
Visiting Scholar at the University of California at Santa 
Barbara and a Fellow with the Berkman Center for Internet 
and Society at Harvard University. 

So many VoIP programs, so little
time. What’s a podcaster to do? 

Do you have a podcast? Okay, dumb
question. Of course you do—podcasting
is the blogging of tomorrow. It’s quick,
it's easy, it’s not tied to a computer
screen, and your audience members can take you 
with them anywhere on their iPod-ish devices. 
Best of all, you don’t have to worry about actually 
learning to spell in order to inflict your opinions 
on others. So long as you can speak clearly and 
have fun doing it, you too can have a podcast. 
So who wouldn’t want to do it? 


I mean, you have an opinion you want to express, right?
Or you have a story you want to tell. Or you simply have a 
desire to see what will happen if you gradually fade the vol- 
ume out on your podcast until it’s near zero, encouraging your 
listeners to turn their headphones up, before you blast them 
with a channel-saturating guitar riff to wake them up. The 
point is, you have a podcast, or you want one. 

One thing you begin to notice when you get into podcast- 
ing is that listening to your own voice is boring—really boring. 
It's cathartic to rant into a microphone for half an hour and 
then put it on iTunes for the world to hear, but after a while, 
it’s really nice to have listeners call in, or have guests, or pick 
up a cohost in another state. 

How can you do it? Telephony, naturally. 

Now, I must emphasize that not just any telephony client
will work. Ekiga and Skype are not created equal. Neither are 
Gizmo and Twinkie. That doesn’t mean they aren't all good for 
something, but good for something isn’t the issue here. We 
need good for podcasting, which is a whole other spool of 
fiber-optic cable. 

In my podcasting and production career, I've run into a lot of 
remote conferencing, and I've found that pretty much any remote 
conferencing is done for one reason: you can't get the talent into 
your recording studio (humble as it may be). 

A NOTE ON PRODUCTION

Your podcast will sound only as good as the production
technique. Good equipment is important, and good
doesn't always mean most expensive. More important is
good engineering—proper EQ and compressor settings,
a low noise floor and proper mic technique will make or
break your production sound. The software you use is a
small component in the podcasting battle. Production
and publicity are the other two parts of the holy trinity.
If you want to survive in the new media world, get to
know them all.

Why this can happen is a bit of another matter. For one of
my podcasts, The Polyschizmatic Reprobates Hour (don’t ask),
my sometime-cohost lives halfway across the country, and to
have any kind of intelligible real-time conversation, we needed
a good telephony setup. This went double for when we
needed to bring in guests for interviews. The basic require-
ments list is as follows:


1. Good sound quality: this show is already going to be 
compressed to MP3; we don’t want to start off with 
crappy sound in the first place. 


2. Ease of installation: most people still are fairly technophobic 
or tech-ignorant, and most people still run Windows. That 
means whatever telephony software you're using for your 
podcast conferencing, it has to be one that you can get 
guests up on in a few minutes. Longer or more trouble- 
some than that, and you're going to hear the words of 
death: “Maybe we should do this another time.” 


3. Ease of dial-out/dial-in: sometimes, your guests just aren't 
going to be able to get on your VoIP network, and when that 
happens, you have to call them on a phone. In that case, you 
want the experience to go quickly and smoothly—there’s 
nothing worse for your street cred than making a guest, who 
has carved out an hour for you, wait by the phone. Chances 
are you'll need to do this at some point. When you do, will it 
be quick and painless? Will the price be right? 


4. Ease of recording: of course, the best-sounding protocols 
on the slickest software in the world aren't going to get
you anywhere if you can’t record your conversations,
and on this score, VoIP software is justly infamous.
Because of the way most conference calls grab your
sound ins and outs, it often kills the hardware duplexing
your otherwise bright-and-shiny ALSA drivers usually
support. But, a lot of people podcast over telephony,
so there has to be a way.


5. Carts: this is something from the old days when those 
of us who took broadcasting training at college radio 
stations actually had to juggle tapes. A cart was a tape 
cartridge on a continuous loop that contained station 
ID, sound effects, music beds or anything else we wanted 
to punch in to the broadcast. Nowadays with podcast-
ing, most people just lay this stuff down in the final mix,
but sometimes it’s nice to be able to play things while
the show is being recorded—sound effects, quotes from 
sources upon which you're commenting and so on. This 
is one of those nice-to-have-but-not-essential features, 
which does make life a lot easier. 


Now, looking back over that list, the vast field of SIP 
clients narrows substantially. Instead of a couple dozen 
to pick from, there are only two that will fit the bill, and 
neither of them is open source.

WHITHER 64?


Neither Skype nor Gizmo offers anything in the way of 
64-bit versions for Linux, even though there are user com- 
plaints and pleadings about this dating back to May 2005 
on both companies’ support forums on exactly this topic. 
Skype recently has introduced a 64-bit Vista client, but Mac 
and Linux 64-bit clients are, as yet, nothing more than a 
pleasant adolescent fantasy for the lonely off-platform user. 


Gizmo, meanwhile, is 32-bits all through. 


Both install and run on 64-bit distros, with a little bit of 
a headache making sure they've got the right 32-bit libs 
to call in and with setting up the chroot environment. 
It's a stopgap that works okay, but it ain’t pretty, and in 
a time when 32-bit desktop and laptop processors are 
being end-of-lifed by hardware manufacturers, this 
situation really is irritating. 


Skype vs. Gizmo 

The two main contenders that are suitable for workhorse pod- 
cast use are Skype and Gizmo. Both are very easy to download 
and install. Both offer comparable rates on calls coming in 
from the phone network and going out again, both nationally 
and internationally (though Gizmo has a slight edge in this 
respect). Both are user-friendly and easy to get potential guests 
set up on so they can be on your show. 

They both are usable. They both are workable. They 
both run quite well on Linux, Windows and Mac OS. Their 
feature sets are comparable in many respects. But, they are 
not the same. 


The Technical Lowdown 
Skype, now the prized stepchild of the eBay corporation, 
runs on a proprietary peer-to-peer networking back end 
that co-opts the user’s system resources to route calls, up 
to the maximum of what it can grab that’s not being used 
by other systems. This is comparable to how BitTorrent 
works, though unlike with BitTorrent, users have no control 
over how much in the way of bandwidth or system 
resources they want to allocate to the task. The practical 
upshot for this where performance is concerned is curiously 
double-edged. At the beginning of a Skype call, the con- 
nection typically is loud and clear, the mix is well propor- 
tioned, and the compression artifacts are very difficult to 
hear (and, if you're good with EQs, you can pretty much 
notch out the most obvious ones). However, as a call pro- 
gresses, more of your personal bandwidth gets allocated to 
other network calls, and the quality of the audio gradually 
degrades. At low traffic times, this effect is barely notice- 
able, but at high traffic times, you may find yourself hav- 
ing to restart the call every 10-15 minutes as the quality 
falls below what you find acceptable (or intelligible). 

Its networking setup isn’t the only thing that’s proprietary— 
it’s also a closed system. Skype’s network can’t be dialed 
in to directly from any other voice-conferencing network.
The standards are closed, and they're black-boxed.
Although this isn’t a problem that’s directly relevant to
podcasting, if you're looking for a general first-line VoIP
package, it’s something you'll want to keep in mind. Skype
is like Vegas: what happens there, stays there—well,
assuming its encryption algorithms are robust.


Gizmo, a service and application owned by SIPphone, Inc.,
has a somewhat different approach. Although the software
itself is proprietary, it uses the open SIP protocol for its trans-
port across the Net, and calls are routed directly over the
SIPphone network between the individual call participants,
rather than being routed through a peer-to-peer network.
Because it uses SIP and Jabber, it can hook up with any soft-
ware using either of these protocols fairly transparently.
Gizmo uses TLS and SSL encryption to discourage eaves-
dropping—open technologies whose strengths and limitations
are well known. The corporate culture is deliberately geared
toward transparency rather than toward opacity, which is an 
operating philosophy that warms the cockles of this Linux 
geek’s heart. However, when it comes to encryption, Gizmo 
also loses a point, as it does not encrypt between Gizmo and 
non-Gizmo SIP clients. 

The sound quality on Gizmo follows a different curve 
from Skype. Because Gizmo routes over the SIP network
instead of through a peer-to-peer setup, it is more subject to
the fickle winds of fate. When Net traffic is up, Gizmo calls
tend to decay. When it’s down, they do better. However,
Gizmo does not progressively degrade performance over the 
course of a call or take your bandwidth for allocating to 
other calls on the network. 

In terms of actual performance, the sound quality is usually 
a wash, but Gizmo consistently sounded better the times I've 
used it for multiparty conferences than has Skype, particularly 
on extra long calls. 


So, you've got your guest on the line, your cohost on the 
other line, and all three of you are happily chatting it up in 
the conference. The podcast is off to a great start—if you 
can manage to record it correctly. Sometimes, this isn’t as 
easy as it looks. 

Skype is notoriously difficult in this area. Although the latest 
version works on ALSA instead of OSS, on many distros it still 
doesn’t always play nice. It doesn't work well with the Windows 
or Mac sound systems, either. With full duplex sound hardware, 
this should be a no-brainer, right? Simply dump the DSP to 
a file in parallel with running the conference. Alas, some 
programs want to be front and center, end of story. Skype 
is one of them. In order to record a Skype call, you have to 
do one of two things: 


1. Hijack the DSP with a middleware layer. There are a number of
packages that'll do this—for a fee—on Windows and Mac. On
Linux, I’ve only ever found one solution that works, and it’s a
kludge. Twisted Little GNOME has cleverly cobbled together
LAME, OggEnc, Sox, Vsound and Skype in an elaborate (though
very dependable) script, available at
sourceforge.net/project/showfiles.php?group_id=146056&package_id=160795&release_id=358917.
Unfortunately, this script is not well maintained
and tends to break when Skype upgrades. Worse still, this is 
the only hijacking option that I've been able to find for Linux. 
The other method of recording Skype calls is suitable only 
for audio engineers and people that like playing around 
with too many cables. 


2. The two-computer mixdown: there are a few permuta- 
tions of this, but basically, you'll need two computers— 
one to conduct the call (Box A) and the other to record it 
(Box B). To do the recording, you either split your mic 
into two channels before it hits Box A, and split the 
speaker out after it leaves Box A, and run them both to 
Box B as left and right channels. The other option works 
only if you're running a mixing board: route your mic 
input to both Mains and Subs, and plug the Box A out- 
put in to the board as a Subs-only source, then send the 
Subs to Box B for recording (if you’re not following this, 
don’t worry—just be glad you're not an audio engineer). 


Either way, if you intend to record a Skype call, be prepared 
to put up with a bit of misery. 

Gizmo, by contrast, has a recording tap built in to the pro- 
gram, and when you press Record, it announces to all parties 
on the call that the call is being recorded. Thus, not only is 
recording the call painless, it also covers your backside legally 
(see the Legal Issues sidebar). 


Carts and Extras 

When it comes to live carts, on Skype, you're out of luck. Without 
third-party plugins, there isn’t a thing you can do with Skype to 
make it play nice with other sound apps on the computer, and not 
a lot of those plugins are available for Linux. 

With Gizmo, on the other hand, you have options. Gizmo 
comes with a cart interface where you can preload ten sound 
FX for playing at the touch of a button. You also can route 
XMMS through Gizmo and play your carts from there, if you 
need a longer playlist. 

Skype and Gizmo also offer varying sets of extras to entice
customers. Both have integrated text chat—a very useful
feature for prepping your guests for their next question or
conspiring with your cohost behind your guests’ backs. Both
have integrated file transfer—handy for sending outlines or
PowerPoint slides to discuss.

LEGAL ISSUES

It is a felony in many states to record a phone conversa-
tion without the other party’s knowledge or permission.
If you're dialing out to a phone network, or your guests
are dialing in from the phone network, always be sure
you get your guests on record acknowledging that they
know they're being recorded, and keep those records.
It's a good idea to get these records for straight VoIP
calls too, as the law will doubtlessly be extended to VoIP
networks at some point in the future.

Skype's two big standout extras are one-click video confer- 
encing (even under Linux), which can double as a whiteboard- 
ing system and extremely easy-to-set-up conference calls. 

Gizmo's conference call system, by contrast, can be a 
bit twitchy, particularly when trying to bring in someone 
from an external phone network. On the other hand, with 
Gizmo, you get free voice mail, which is lovely for handling 
show feedback. On Skype, voice mail comes only with a 
subscription to Skype Pro. 


Conclusion 

Of the two, on technical merits, Gizmo is the clear victor 
over most of the field. Happily, it’s also the winner on 
cultural merits. However, Skype is used more widely, and 
potential guests are more likely to be familiar with it. The 
different network architectures of the two services give an 
odd kind of redundancy—often, when one’s sound quality 
stinks, the other's works gloriously. My advice: keep them 
both around. But, when it comes time to buy call-out 
credits or to get a call-in number, stick with Gizmo. 


Dan Sawyer is the founder of ArtisticWhispers Productions (www.artisticwhispers.com), a small 
audio/video studio in the San Francisco Bay Area. He has been an enthusiastic advocate for free 
and open-source software since the late 1990s, when he founded the Blenderwars filmmaking 
community (www.blenderwars.com). He currently is the host of “The Polyschizmatic Reprobates 
Hour”, a cultural commentary podcast, and “Sculpting God”, a science-fiction anthology podcast. 
Author contact information is available at www.jdsawyer.net. 


Check to See If Your ssh Key Is Loaded 


If you use ssh-agent and have scripts that use commands, 
such as ssh or scp, that need your ssh key, you may have 
had the experience of running your script only to discover 
that you never ran ssh-add to add your key to ssh-agent. 
So, you type the passphrase once to run the script, and 
then you have to run ssh-add afterward and type it again 
to add it to ssh-agent. 

To avoid this, add a check to the top of your script to 
see whether your key is loaded. If not, load it, and avoid 
having to run ssh-add afterward: 


if ! ssh-add -L | grep --silent '/\.ssh/id_.sa'; then 
    ssh-add 
fi 


The -L option of ssh-add shows which keys are loaded; its out- 
put is piped to grep to check whether your key is among them. 
If it’s not, ssh-add is invoked to add your key. —MITCH FRAZIER 
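The grep in the tip matches on the last column of ssh-add -L, which is the key's comment and does not always contain the file path. The following added example (not part of the original tip) compares the public key blob instead and handles an unreachable agent separately; the function names and the default key path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original tip. Function names are illustrative.

# pubkey_blob FILE
# Print the base64 key blob (second field) of an OpenSSH public key file.
pubkey_blob() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"
}

# key_in_listing LISTING PUBFILE
# Succeed (0) if the blob in PUBFILE is the second field of any line of
# LISTING, where LISTING is text in the format printed by "ssh-add -L".
# Return 1 if it is absent, 2 if PUBFILE is unreadable or holds no key.
key_in_listing() {
    [ -r "$2" ] || return 2
    blob=$(pubkey_blob "$2")
    [ -n "$blob" ] || return 2
    printf '%s\n' "$1" |
        awk -v want="$blob" '$2 == want { found = 1 } END { exit !found }'
}

# ensure_key_loaded [PRIVATE_KEY]
# Load PRIVATE_KEY into the running agent only if its public half is not
# already listed. The default path is an assumption; pass your own key.
ensure_key_loaded() {
    key=${1:-$HOME/.ssh/id_rsa}

    # ssh-add exits 0 when keys are listed, 1 when the agent is empty,
    # and 2 when no agent can be contacted.
    listing=$(ssh-add -L 2>/dev/null) && status=0 || status=$?
    if [ "$status" -eq 2 ]; then
        echo "ssh-agent not reachable; start one or check SSH_AUTH_SOCK" >&2
        return 2
    fi

    # Already loaded: nothing to do, no passphrase prompt.
    if key_in_listing "$listing" "$key.pub"; then
        return 0
    fi

    # Absent (or no .pub file to compare against): ask ssh-add to load it.
    ssh-add "$key"
}
```

Call ensure_key_loaded at the top of a script that uses ssh or scp; it prompts for the passphrase only when the key is missing from the agent.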
GETTING STARTED WITH SKYPE. 


Want to use your computer as a full-fledged telephone, and be 
able to make free phone calls over the Internet or paid calls to 
any normal number? How about adding more features, such as 
instant messaging, file transfers and video conferences? How 
about being able to use it on Linux, Windows or Mac OS X? If 
these things interest you, you should install Skype. 

Skype is a free, VoIP (Voice over Internet Protocol) program, 
created in 2003 by Niklas Zennstrom and Janus Friis. Two years 
later, eBay acquired it for more than 2.5 billion dollars (plus an 
unspecified extra amount depending on performance). 
As of the beginning of 2008, it has more than 250 million 
users, both for its free and paid services, in practically every 
country on earth. When you connect to Skype, in the bottom- 
right corner, you will see how many other users are on-line at 
the same time. In my experience, it’s usually around ten mil- 
lion, which is a hefty number indeed. Skype derives its income 
from paid services (including calling or receiving calls from 
landline or mobile phones, voice mail, call forwarding and so 
on), but you can use it without paying a cent if you call only 
other on-line users over the Web. 


Skype wasn’t the first collaboration by Zennstrom and 
Friis, and it isn’t their last. In 2000, they created Kazaa, 
a well-known peer-to-peer file-sharing program. 
Obviously, they were able to apply the P2P expertise 
gained there to Skype’s own development. Kazaa had 
plenty of legal problems (similar to those of Napster) 
because of sharing copyrighted material, mainly music. 
In 2001, Kazaa was sold to Sharman Networks, which 
had to face several copyright-related suits. In July 2006, 
there was an out-of-court settlement, when its Web site 
seemingly was updated for the last time. 


After selling Skype to eBay, Zennstrom and Friis turned to 
TV and created Joost: a system for distributing video 
(mainly TV shows) over the Web, once again using the same 
peer-to-peer technology used on Skype. Joost’s develop- 
ment started in 2006, and currently (February 2008), it’s at 
beta. If you want to test-drive this software, however, you 
are out of luck. For the time being, there are only Windows 
and OS X versions available. According to some reports, 
Wine isn’t a solution either, though that might change. 


Joost will be a free system, supported by advertising, 
just like traditional TV, aiming for full-screen, high- 
quality viewing. Though its technology isn’t yet mature 

Getting Skype 

The program itself is free, but it’s not 
open source. And, if you like running 
the best and latest versions of pro- 
grams, prepare yourself for a disap- 
pointment. The current Windows ver- 
sion is 3.6, the current OS X version is 
2.6, but Linux is trailing far behind with 
only a beta, called 2.0. Thus, plenty of 
features are missing from the Linux 
version (see the What's Missing in the 
Linux Version of Skype? sidebar), but 
Skype still is quite usable as is. 

Skype's hardware requirements are 
pretty modest. You need a 400MHz 
processor or faster, 256MB of RAM and 
about 20MB of free disk space. If you 
want to talk (don’t sneer; you can use 
Skype just for instant messaging), you 
need a microphone and either ear- 
phones or speakers. And, if you want to 
make video calls, you need a Webcam. 
Finally, you need to open an account, 


but you have to install the program first. 


Installation should be quite easy. As 
far as I’ve seen, it’s available for pretty 
much all distributions, so you should 
have no problem finding it in your 
repositories. Because I use Smart, get- 
ting Skype simply meant typing smart 
install skype. In any case, you should 
check that the version you get is not 
earlier than 2.0. (To do so, start Skype, 
click the S on the lower left, select 
About, and you'll see a window with 
the version information.) Because Linux 
lags behind Windows as far as versions, 
you just might have version 1.4, which 
would require an upgrade. 

If your version is an older one (or if 
you just want to make sure to have the 
latest one), visit Skype’s download site, 
and get whatever is correct for your 
machine. There are distribution-specific 
versions for Debian, Fedora, Mandriva, 
MEPIS, OpenSUSE, Ubuntu and 
Xandros. There also are some generic 
versions—the “static” one might be 
best for you. 

After the download is ready, open a 
console, cd to the directory where you 
downloaded the software, and do sudo 
rpm -Uvh skype-2-XXX.rpm, and you 
should be ready. 


Figure 1. You need an account to use Skype. 
On Linux, checking Sign me in when Skype 
starts is safe to use. 


Figure 2. Creating an account is simple, but 
you must do it with Skype. 


or fully reliable, it’s an interesting concept and free of 
the legal problems that troubled the original Kazaa. 


There are some licensing aspects that still need work 
(most of the available content can be seen only in the 
US right now), but there’s much promise ahead. 

When you open Skype, if you 
already have an account and a password, 
simply enter them to connect (Figure 1). 
However, if this is your first time ever, or 
if you just want to create a second or dif- 
ferent account, click Don’t have a Skype 
name yet?, and a window will open 
where you can create an account. Follow 
the instructions on the screen, and you'll 
be set (Figure 2). Skype won't allow pass- 
words that are too short, but play it safe, 
and use a long one, preferably with 
numbers and special characters. 


Configuring Skype 

The first time you run Skype, check its 
configuration. Click the S on the bottom 
left, and you'll see the Options window. 
Here are some of the possibilities: 


General allows you to specify what 
happens when you double-click on a 
contact (either start a call or a chat), 
the timeouts (after how much time 
you will be shown as Away or Not 
Available) and the program language. 
Although Skype's Web site advertises 
almost 30 languages, it came with only 
13. Spanish was noticeably missing. 


www.linuxjournal.com may 2008 | 55 


FEATURE Turn Your Computer into a Phone with Skype 


Privacy lets you decide whether you 
will accept calls or chat invitations 
from anybody or only from people 

What’s Missing in the 
Linux Version of Skype? 


Skype for Linux is several versions behind the current Windows program and is 
still in beta. In later versions (keep your fingers crossed, but be prepared for a 
long wait), it could add: 

Enhanced file transfer speed. 

More stable video calls among users with Internet connections of different speeds. 

Improved video and audio quality on low-speed Internet connections. 

Call quality feedback and bandwidth indicators. 

Safety and privacy improvements. 

Support for MySpace. 

High-quality video calls. 

Video snapshots. 

Auto redial. 

Call transfer. 

Private telephone numbers. 

Import contacts from MSN, Yahoo and Gmail. 

Skype Prime (calling lines that charge per minute). 

Skype Find (a community-generated directory). 


Sending SMS. 

Ten-way conference calls. 

Public chat rooms. 

Predictive dialer. 

Contact grouping. 

Shared groups. 

This is a (shortened) version of all new features in the release notes since 
January 2006, when version 2.0 for Windows came out, so there should be 
plenty forthcoming for Linux users. 
you specifically allow, whether you will 
answer incoming calls automatically 
(I wouldn't check that), and how long 
you want to keep the chat history. 


Notifications allows you to assign 
sound bits to different events, such 
as an incoming call or an answered 
call, and whether you will be shown 
a pop-up notification. If you click 
Advanced View, you can specify 
scripts that should be executed on 
specific events, or a message that 
should be sent to the other party. 


Chat permits you to define what will 
happen if somebody starts a chat with 
you, such as whether to use emoti- 
cons and whether other parties should 
be informed when you are typing. 


Call Forwarding is a paid feature. 
When someone calls you, and you 
are not at your computer, you can 
have Skype call your mobile or land- 
line phone, paying per minute at the 
regular call rates. (If you call people 
who forward their calls, you pay 
nothing.) You even can forward calls 
to more than one phone, answer 
whichever you want, and you will be 
billed accordingly. 


Voice mail is another paid feature, 
available only with a Skype Pro 
subscription. Basically, it works as an 
answering machine, and you can listen 
to the calls you received whenever 
you are signed in. 


Sound Devices lets you choose which 
devices should be used for sound. I'd 
suggest keeping the default devices, 
unless you know what you're doing. 
Click on Make a test sound to verify 
whether Skype can produce sound, 
and then click Make a test call to check 
whether your microphone is working. 
Then, follow the spoken instructions to 
see if everything's working. 


Web Devices can be used to specify 
whether Skype Video will be used, 
whether video should start automati- 
cally, and whether you want to 
receive other people's video and let 
them know you have video capabili- 
ties. After you have set up your 
Webcam, use the Test button to 
verify that you can see yourself. 


Advanced lets you select whether you 
want to check for updates when start- 
ing Skype (I'd suggest doing so), which 
port to use (leave it as suggested), and 
if you are using a proxy, its details. 


Blocked People lets you manage your 
blacklist. If you don’t want to receive 
calls from particular users, you can 
block them from Skype's main win- 
dow. Right-click on users’ names, and 
you will have the option to block 
them. If you want to restore (unblock) 
someone, you can do so here. 


Play around with all options, but be 
sure to check, at the very least, the 
Sound Devices screen and do a test call. 
Otherwise, you might find that people 
call you, but you can’t hear them, or 
that you speak, but nobody hears you. 


Using Skype 

After installing Skype, your first goal 
should be setting up your contacts list. 
The green plus sign icon in the lower-left 
corner lets you look for other Skype users 
(Figure 3). In the text box at the top, 




enter either the Skype name, part of the 
full name, or the e-mail address to search 
for someone. You can restrict the search 
further (probably necessary if the person 
you are seeking has a common name) to 
a specific country, state, city, language 
and sex. Click Search, and Skype runs 
through all users, looking for those who 
match and shows a window with the list. 
If the person you are seeking is on the 
list, click on the name to select it, and 
then click Add Contact. The contact will 
appear on your personal list. 

If you have purchased some credit, 
you also can call landlines. (In order to buy 
credit, visit Skype's Web site, and you'll 
find the link in the top-right corner.) You 
can pay with PayPal, Visa, MasterCard and 
a few other options. (Remember to use 
some of the credit; if you don’t spend any 
of it in 180 days, your credit expires and 
you will lose whatever you had still 
remaining in your account.) 

If you want to add a standard phone, 
in the Add a Skype contact box, click the 
bottom link, Add an ordinary phone, and 
you will be able to enter the name and 
phone number. These numbers will show 


Figure 3. Use the search form to look for people and add them to your contact list. 


Figure 4. In your contacts list, green icons 
correspond to Skype users who are on-line, 
grayed-out icons indicate off-line users, and 
blue icons represent standard phones. 


up in your contact list with a blue 
(instead of green) icon, so you can recog- 
nize them at a glance (Figure 4). 

If you click on a user, you can see his 
or her picture (if you want to upload 
yours, click on your own name, and then 
click Edit Profile), and you will see three 
icons: a sky-blue Start Chat icon, a 
green Start Phone Call icon, and a 
down-pointing arrow that adds several 
more options, such as Send File, View 


Resources 


Skype: www.skype.com 

Download Skype: www.skype.com/intl/en/download/skype/linux/choose 

Joost: www.joost.com 

Kazaa: www.kazaa.com 

TIME article on “The Skype Guys”: www.time.com/time/magazine/article/0,9171,1187489,00.html 

Libland Webcam Drivers: mxhaard.free.fr 

List of Supported Webcams: mxhaard.free.fr/spca5xx.html 
Getting Your Webcam to Work 


The biggest enhancement in Skype 2.0 is the video capabilities, so I 
certainly needed a Webcam in order to write this article. I went to a nearby 
computer shop, and knowing there could be driver problems (most 
Webcams, if not all, come only with Windows drivers, and not even a 
peep regarding Linux), I applied my common sense, studied the options 
thoroughly and opted for the cheapest model—if it wouldn't work, at 
least it wouldn't cost much! 


Even with the lack of support, there’s a good source of drivers at the 
Libland Web site. Its owner, Michel Xhaard, is doing a great job in 
providing a free driver that works with more than 200 different Webcam 
models. Thus, as the model I bought wasn’t exactly cutting-edge, I 
thought there would be a good chance it would work out of the box 
with this driver. 


I installed the Webcam, and did lsusb, which produced a line reading Bus 001 
Device 002: ID 0ac8:307b Z-Star Microelectronics Corp. The first four 
characters (actually, hexadecimal numbers) after ID identify the manufacturer, 
and the last four characters specify the model. I then checked the list of 
supported Webcams, looking for these values, and didn’t find them; however, 
I did find several other models from the same manufacturer, so I decided 
to give the driver a whirl. Because I’m running kernel 2.6.23, I needed the 
gspcav1 driver; for kernels below 2.6.11, spca5xx is needed. I downloaded 
the package, and then as root, did the following: 


tar zxf gspcav1-20071224.tar.gz 
cd gspcav1-20071224 
./gspca_build 


The process ran seamlessly, so I tried the Webcam with Skype, and it 
worked. You might not be so lucky, but I recommend starting your 
search for a driver at Xhaard’s site. 


Profile, Rename Contact (if you want to 
change the way the user appears on 
your list), and for unwanted users, Delete 
Account and Block Account. Another 
option is to click on Call Ordinary Phones, 
which shows a touchtone-type display, 
allowing you to key in any number from 
any country; remember this has a cost, 
and you must have enough credit for this. 
During a phone call, you can right- 
click on the call window at any time 
and get similar options as described in 
the above paragraph. You even can 
start a chat, simultaneously with the call 
(you might want to do this should your 
connection prove a bit flaky). Another 
option is adding video, so you can send 
your image to the other party. You can 
do this automatically (depending on 
how you configured the video options, 
as described previously) or on demand 
(simply click the button). Click the red 


button at the lower right to hang up 
and finish the call. 

The chat window is quite similar to all 
other IRC channels. You can add more 
people to the chat if you like; simply click 
the Add People button. To end a chat, 
click on Leave Chat or close the window. 


Conclusion 

Skype lets you turn your computer into a 
phone, capable of calling both Skype 
users and common phone numbers all 
over the world. Let’s hope that the Skype 
developers speed up a bit, and let Linux 
users have more of the functionality 
available in other operating systems. 


Federico Kereki is an Uruguayan Systems Engineer, with more 
than 20 years’ experience teaching at universities, doing devel- 
opment and consulting work, and writing articles and course 
material. He has been using Linux for many years, having 
installed it at several different companies. He is particularly 
interested in the better security and performance of Linux boxes. 
Adventures with Chumby 


Turn the Chumby device into a useful kitchen assistant. DANIEL BARTHOLOMEW 


I am now the happy owner of one of the coolest gadgets 
I have ever experienced, the Chumby. At first glance, this 
diminutive computer appears to be nothing more than a 
Web-connected alarm clock. This, in and of itself, is a neat 
idea, and worth the price of admission for me. However, 
the Chumby is much more than a simple alarm clock, Web- 
connected or not. To that end, I made a conscious decision 
when the Chumby was on its way to me from the factory 
in China not to have the Chumby in the bedroom. Such a 
useful device should be in a room where people can take 
advantage of it while they're awake. 


Figure 1. What Comes with the Chumby 


The Chumby, at its heart, is a small embedded computer 
wrapped in a soft, squeezable shell made of plastic and 
leather. If you want to get technical, the Chumby is powered 
by a 350MHz ARM processor and contains 64MB of SDRAM 
and 64MB of NAND Flash ROM. For output, it has a 3.5" LCD 
color touchscreen, 2W stereo speakers, two USB 2.0 full-speed 
ports and a headphone jack. For input, it has the aforemen- 
tioned touchscreen, a squeeze button on the top, and an 
accelerometer for motion and tilt sensing. It connects to the 
Internet via 802.11b/g, which means you need to have 
a wireless network of some sort. Power is supplied by an 
external AC adapter, and there also is a connector for 
a nine-volt battery for emergency power. 

The Chumby displays small Flash movie “widgets”. These 
Flash movies can do anything that Flash movies can do within 
the limits of the Flash-Lite-3 embedded Flash player that the 
Chumby runs. In practical terms, this means it can play most 
Flash movies that run in version 8 or lower of the Flash 
browser plugin. Some features were added in version 9 of 
the browser plugin that are not supported in Flash-Lite-3. 


Figure 2. Back of the Chumby 


A lot of thought and care has gone into the design of the 
Chumby, and every effort appears to have been made to make 
the Chumby as easy to use as possible. Even the packaging 
contains some nice touches, such as the linen bags the 
Chumby arrives in instead of yet another box. The bags are 
useful and mean less waste—always a good thing in my book. 

The user interface also is well designed. My very nontechnical 
wife was able to find her way around the Chumby easily. 
There even is a nice movie that plays when you turn the 
Chumby on for the first time that gives you a quick tour of 
the interface and main features. 

Figure 3. The Chumby Guided Tour 


Once I had the Chumby unpacked and connected to my 
network (and had given the little charms that I found in one of 
the bags to my kids), it was down to business. My original 
thoughts on what I wanted to do with the Chumby were to 
turn it into a kitchen assistant with a favorite recipes database 
that it served up from either a built-in or in-house Web server, 
a recipe search widget (to search the recipes in the database, 
or find new ones on-line), a music player, a shopping list cre- 
ator, a meal planner, a calendar, a photo album, an egg timer, 
a calculator and a plain-old alarm clock. Ten things shouldn't 
be too hard, right? Well, my success was mixed. Some things 
worked out great, and others, not so much. I haven't given up 
on getting all of the above working eventually, but not all of 
them work at this time. 


Figure 4. The Chumby in the Kitchen 


My first order of business was to try to create some Flash 
widgets, and I quickly found there are some major downsides 
to having Flash be the preferred method of application devel- 
opment on the Chumby. The good part is that the Flash soft- 
ware from Adobe is easy to use and can create all sorts of 
things. The bad part is that said software—apart from it being 
proprietary, closed-source and available only for Windows and 
Macintosh—costs twice as much as the Chumby, and there are 
no easy-to-use open-source alternatives to the Flash program- 
ming environment that run on Linux. 

There has been some progress in this area, mostly along 
the lines of simple environments for writing and compiling 
Adobe's Action Script language into Flash movies, but the best 
of these, FlashDevelop, is Windows-only. I’m also not too keen 
on learning yet another programming language. There are 
some Linux GUI tools that are in the proof-of-concept stage 
(meaning they look nice but don’t work). 

Another option for me would have been to hack the 
underlying embedded Linux operating system on the Chumby 
and add something like embedded GTK or KDE, but I quickly 
put that out of my mind, as I don’t think I have the chops to 
avoid turning the Chumby into a paperweight in the process. 

So, I went with what I had, and what I could find. The 
upside to this approach is that new widgets are being released 
The Secret Chumby 
Menu—It’s as Easy as Pi 


There’s a secret menu on the Chumby, and it is fairly easy 
to reach. Here's what you need to do: 


1. Bring up the control panel. 
2. Tap on Settings. 
3. Tap on Chumby Info. 
4. On the info screen, in the upper-right corner is a tiny 
Pi symbol, tap it. 
5. Done! 


If you followed the above steps, you now are looking 
at a screen titled “Do you believe in the Users?”. Tron 
references aside, now you can do things like browse 
the filesystem and start up the SSH daemon. 


all the time—more than a dozen in the few weeks that I’ve 
had the Chumby—and people are constantly thinking up new 
things for their Chumbys to do. 


The Chumby as an Alarm Clock 

There is an alarm clock built in to the Chumby, so this one 
was checked off of my list before the Chumby arrived. The 
Chumby can have multiple alarms, and the alarms can trig- 
ger different sounds and activate different sets of widgets. 
For example, in the morning I have an alarm that does not 
make a sound (the Chumby is not in my bedroom, so any 
alarm sound would not be heard), but what it does do is 
switch the active set of widgets over to my “morning” set, 
which contains a mixture of news and weather widgets 
that I like to look at while I'm getting breakfast ready. 
When the time comes to take the kids to school, there's 
another alarm, and this one does make a sound. I also 
have other morning, afternoon and evening alarms that— 
although they don’t make any noise—switch the active 
widget set to the sorts of things I am generally interested 
in at those times. 


The Chumby as a Digital Photo Frame 
The photo album also was checked off before the Chumby 
arrived. There are many options for displaying photos 
through your Chumby. The easiest are the series of official 
photo widgets that can pull photos from your Flickr, Picasa, 
Photobucket or MySpace accounts. You just enter your login 
details and the album you want, and away you go. 

There is also a neat service called Dailio where you can 
send photos to a special e-mail address, and they will show up 
on your Chumby without any further effort. 
The Chumby as a Kitchen Timer 

The egg timer was another easy item to cross off my list, as an 
enterprising member of the Chumby community (the same 
one who created the Dailio widget) already created one that 
works very well. 
Figure 5. Toasty, the Chumby Kitchen Timer 


The Chumby as a Calculator 

There is also a calculator widget that a different member of 
the Chumby community created. It works well, and that’s 
about all I have to say on the subject, apart from that I wish 
the buttons were bigger. 


The Chumby as a Calendar 

The calendar widget I’m using is one that displays my Google 
Calendar. It is limited to an agenda view that lists each sched- 
uled item in order. It would have been nice to have daily, week 
or month views, but it is certainly usable if not quite what I 
was looking for. 


The Chumby as a Music Player 

I was very pleased with the Chumby’s support for listening to 
music. The music section of the Chumby control panel has 
several options that let you listen to music from a variety of 
locations. These include an iPod, SHOUTcast streams, Mediafly 
podcasts, any radio streams in MP3 or Ogg format from radio 
stations or your own local SlimServer, or music files (in Ogg, 
MP3 or FLAC format) from a USB thumbdrive plugged in to 
one of the available USB ports. 

Incidentally, the speakers on the Chumby sound quite nice, 
especially considering their size. There is, of course, the option 
to plug in a set of external speakers or a pair of headphones 
to the headphone jack if you want better sound. 


The Chumby as a Recipe Book 

The first idea I had for my kitchen-assistant Chumby was to 
make it into a recipe book, so I focused a lot of my efforts 
here. The recipe book idea is also, coincidentally, my wife’s 
favorite use for the Chumby. She's been storing her favorite 
recipes for years now on her computer in .odt format, and 
whenever she cooks something she needs a recipe for, she 
either makes a lot of trips back and forth to her computer, or 
she prints the recipe out. Neither of those options is ideal. 
As with the other tasks I had outlined for the Chumby—I 
named him George, by the way—I first went looking to see if 
someone had a recipe widget already created. I could not find 
any, so I then decided to look to see whether there were any 
widgets I could easily adapt into becoming a recipe widget. 


Figure 6. Music on the Chumby 

There are several photo-viewing widgets, so my first 
inclination was simply to create 320x240 pixel images of 
my recipes, upload them to my Flickr or Picasa accounts, 
and then view them on the Chumby. This worked—a PNG 
image is a PNG image after all—but it didn’t work very 
well, because practically all of the photo widgets are for 
showing slideshows, with the photos switching every few 
seconds. This is fine if you are displaying photos—I use the 
Flickr one for pictures of my kids and love it—but recipes 
need to stay on the screen for several minutes (or longer, 


Figure 7. My Early Attempt at a Recipe Book—Individual “Card” Images 
Chumby Software 
Licenses 


The software on the Chumby is open source, through 
and through. Just take a look at the Software Licenses 
screen (accessed from Settings→Chumby Info→Software 
Licenses). Hack away at the Chumby all you want. 


depending on preparation time). 

The photo widget that worked the best was the Dailio 
widget. Unlike other photo widgets, this one lets you set how 
long a photo stays displayed (from five seconds to five min- 
utes). There also is a forever option, which I assume means 
that the photo stays displayed until you change it manually, 
but that option did not work for me. Instead, it caused the 
recipes to blink and stutter. So I was stuck with five minutes, 
which is okay, but not perfect. 

I finally found the perfect recipe option sitting right under 
my nose: Impress, the OpenOffice.org presentation applica- 
tion. It has an option to export any slideshow as a Flash (.swf) 
file. It also turns out that these files play perfectly on the 
Chumby, even though they are not technically the correct 
size. So I chose one of the basic templates, and then, using 
each slide as a “recipe card”, created a recipe book. 
Figure 8. Creating a Recipe Book 


For simplicity and ease of use, I did not put in any transi- 
tions or text animations. I also tried to keep the fonts as large 
as possible while still fitting an entire recipe on a single slide. 
The side effect of not putting any auto-advancing slides into 
my presentation is that each slide stays put until I’m done with 
it, which is perfect behavior. 

Each presentation always starts at the first slide, and 
you have to tap through each preceding recipe to get to 
the one you want. So I created several presentations with 
general themes, like desserts, main dishes and so on, to 
keep the number of recipes per widget manageable. 

Currently, the recipe books are pretty plain. Over the next 
few weeks, I plan to add photos to the recipes and make
other general improvements, but as they stand now, they 
already have been put to good use. 


Figure 9. A Recipe on the Chumby


The process of getting a custom widget, like my recipe 
books, onto the Chumby is simple. There actually are a 
couple ways to do this, but the most straightforward 
option is to upload it to Chumby.com and add it to one of 
your channels there. All you need is your .swf file and an 
icon. The icon is a simple 80x60 pixel .jpg image. I kept
mine simple by putting black text on a white background 
using The GIMP. 
Figure 10. Creating an Icon in The GIMP


Go to www.chumby.com/widgets/upload to upload
your widget. The form is self-explanatory. Once uploaded,
your widget will be available in the category you chose,
and if you marked it as public, it will be viewable by all
Chumby users (once the Chumby folks have determined
that it isn’t a malicious widget).


Listing 1. Sample profile.xml File


<profile>
  <widget_instances>
    <widget_instance id="1">
      <widget>
        <name>Breads</name>
        <description>Various bread recipes.</description>
        <version>1.0</version>
        <mode time="180" mode="timeout"/>
        <access sendable="false" deleteable="false" access="private"
                virtualable="false"/>
        <user username="myusername"/>
        <thumbnail href="file:////mnt/usb/breads.jpg"
                   contenttype="image/jpeg"/>
        <movie href="file:////mnt/usb/breads.swf"
               contenttype="application/x-shockwave-flash"/>
      </widget>
    </widget_instance>

    <widget_instance id="2">
      <widget>
        <name>Cookies</name>
        <description>Various cookie recipes.</description>
        <version>1.00</version>
        <mode time="180" mode="timeout"/>
        <access sendable="false" deleteable="false" access="private"
                virtualable="false"/>
        <user username="myusername"/>
        <thumbnail href="file:////mnt/usb/cookies.jpg"
                   contenttype="image/jpeg"/>
        <movie href="file:////mnt/usb/cookies.swf"
               contenttype="application/x-shockwave-flash"/>
      </widget>
    </widget_instance>
  </widget_instances>
</profile>

The only real downside to the browser method is that 
Chumby.com will let you upload only widgets that are less 
than 100K in size. If you create a widget larger than that— 
and I expect that once I’ve added all my recipes and photos,
each recipe book has the possibility to be larger than
that—the other way to get a widget onto your Chumby is 
with a USB thumbdrive. 

There is also a neat service called Dailio where you can send
photos to a special e-mail address, and they will show up on
your Chumby without any further effort.


For the thumbdrive method, apart from the icon and
Flash files, you need a text file named profile.xml. The
Chumby looks for this file when it boots and will add any
widgets described in it to all of your widget channels. This
file is self-explanatory, and the Chumby Wiki provides full
instructions.
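
Because the Chumby loads whatever profile.xml describes at boot, it is worth linting the file before the thumbdrive goes in. The checker below is an added example, not code from the article or from Chumby; its rules (file:// hrefs that stay under /mnt/usb, .jpg thumbnails typed image/jpeg, .swf movies typed application/x-shockwave-flash, unique instance ids) are assumptions inferred from Listing 1, and the sample profiles are constructed.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumptions inferred from Listing 1, not from Chumby documentation.
USB_ROOT = "/mnt/usb"
EXPECTED_TYPES = {
    "thumbnail": {".jpg": "image/jpeg"},
    "movie": {".swf": "application/x-shockwave-flash"},
}

def check_href(elem, types, usb_root=USB_ROOT):
    """Return the problems found in one <thumbnail> or <movie> element."""
    href = elem.get("href", "")
    ctype = elem.get("contenttype", "")
    if not href.startswith("file://"):
        return [f"href {href!r} is not a file:// URL"]
    if any(ch.isspace() for ch in href):
        return [f"href {href!r} contains whitespace"]
    # Collapse the extra leading slashes and any ../ segments before comparing.
    path = posixpath.normpath("/" + href[len("file://"):].lstrip("/"))
    problems = []
    if not path.startswith(usb_root.rstrip("/") + "/"):
        problems.append(f"{path} is outside {usb_root}")
    ext = posixpath.splitext(path)[1].lower()
    if ext not in types:
        problems.append(f"extension {ext!r} not one of {sorted(types)}")
    elif ctype != types[ext]:
        problems.append(f"contenttype {ctype!r} should be {types[ext]!r}")
    return problems

def lint_profile(xml_text, usb_root=USB_ROOT):
    """Return a list of human-readable problems in a profile.xml string."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "profile":
        problems.append(f"root element is <{root.tag}>, expected <profile>")
    seen_ids = set()
    for inst in root.iter("widget_instance"):
        wid = inst.get("id")
        label = f"widget_instance id={wid!r}"
        if wid is None or wid in seen_ids:
            problems.append(f"{label}: missing or duplicate id")
        seen_ids.add(wid)
        widget = inst.find("widget")
        if widget is None:
            problems.append(f"{label}: no <widget> child")
            continue
        for tag, types in EXPECTED_TYPES.items():
            elem = widget.find(tag)
            if elem is None:
                problems.append(f"{label}: missing <{tag}>")
                continue
            for p in check_href(elem, types, usb_root):
                problems.append(f"{label} <{tag}>: {p}")
    if not seen_ids:
        problems.append("no <widget_instance> elements found")
    return problems

# Constructed sample: the first widget of Listing 1, trimmed.
GOOD_PROFILE = """
<profile><widget_instances>
  <widget_instance id="1"><widget>
    <name>Breads</name>
    <thumbnail href="file:////mnt/usb/breads.jpg" contenttype="image/jpeg"/>
    <movie href="file:////mnt/usb/breads.swf"
           contenttype="application/x-shockwave-flash"/>
  </widget></widget_instance>
</widget_instances></profile>
"""

# Constructed sample with a stray space, a mistyped extension, a reused id,
# a path that climbs out of the USB mount, and a missing <movie>.
BAD_PROFILE = """
<profile><widget_instances>
  <widget_instance id="1"><widget>
    <thumbnail href="file:////mnt/usb/breads. jpg" contenttype="image/jpeg"/>
    <movie href="file:////mnt/usb/breads.swt"
           contenttype="application/x-shockwave-flash"/>
  </widget></widget_instance>
  <widget_instance id="1"><widget>
    <thumbnail href="file:////mnt/usb/../etc/cookies.jpg"
               contenttype="image/jpeg"/>
  </widget></widget_instance>
</widget_instances></profile>
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(name, "->", lint_profile(text) or "no problems")
```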


The Chumby as a Recipe 
Search Engine, Shopping List 
Creator and Meal Planner 

I haven't been able to get all the
things I wanted to get onto the
Chumby onto it. However, after actu- 
ally using the Chumby for a couple 
weeks, I’m not so sure they were good 
ideas to begin with. 

The main reason for this is that my 
intended recipe search, shopping list 
creator and meal planning widgets all 
would require extensive text input, and 
that is where the Chumby is not ideal. 
The Chumby is mainly an output 
device, suited to displaying various bits 
of information. Input is best limited to 
simple interactions, such as tapping on 
buttons and sliding your finger around 
the screen. 

The Chumby can handle text input, 
and some widgets require it. The con- 
trol panel, for example, has a simple 
on-screen keyboard where you enter in your wireless set- 
tings during the Chumby’s initial setup. Also, in the music 
interface, there is another on-screen keyboard where you 
enter in the location of the music stream to which you 
want to connect. But, supporting text input where required 
and doing a lot of text input are two very different things. 

After entering text in just those two above-mentioned
places, I could see it was not something I would want to
do on a regular basis with the Chumby, because although
it works, it’s slow. The problem is that when using the
Chumby, the natural thing to do is to use your fingers, and
most widgets—if they have buttons at all—keep them
large and few in number. For effective text input, you need
a lot of small buttons, and on the Chumby’s screen, lots of
small buttons practically requires you to use a stylus—not
something I want to have to use with the Chumby.

I toyed around with using an RSS widget to display recipe
data from sites that offer it, such as Taste-of-Home’s Recipe of
the Day, but as you can see from the screenshot, my testing
did not go so well.

Figure 11. Some RSS feeds don’t work.


Final Thoughts 

The Chumby is an amazing device. It can be adapted to fit 
in with almost any room in the house and can display any 
sort of data that can be displayed within the confines of 
the Flash file format. 

New widgets come out all the time, and the basic software 
is under constant improvement. Check out chumby.com and 
browse the available widgets; there’s something for everyone. 

The Chumby is also very hackable. The underlying oper- 
ating system is embedded Linux, and all the source code 
(apart from a few licensed bits that they aren't allowed to 
disclose) and complete hardware schematics are available 
on the Chumby Web site. The developers really seem to 
get the idea of making a device hackable, with their only 
warning being a gentle reminder that if you take your 
Chumby apart, it will void the warranty. Beyond that, they 
actively encourage you to turn the Chumby into anything 
you please and are eager to help you in any way they can 
through their Web site, forums and wiki. 

In these days of locked-down, don’t-you-dare-look-behind-the-curtain-or-we'll-sue
gadgets, having one that
you can mod to your heart's content, with full schematics
and source code—and the original developers—to guide
you, is a nice feeling.




Daniel Bartholomew lives with his wife and children in North Carolina. 
SSH and HTTP on the Chumby


Being based on Linux, the Chumby has a lot of functionality 
that isn’t exposed right off the bat. An example of this is the 
built-in Web server and the ability to SSH into the Chumby. 


The Web server, by default, has only a link to some statis- 
tics on how good the wireless connection is, but it can be 
extended easily. 


Yes, you can SSH into the Chumby. 


When you SSH into the Chumby, you'll find a nice, 
embedded command-line environment waiting for you, 
courtesy of BusyBox. You even can set up cron jobs 
and run shell scripts. 


Resources 


The Source for All Things Chumby: chumby.com 

The Friendly and Helpful Chumby Forums: forum.chumby.com 
The Chumby Wiki: wiki.chumby.com 

Nitty-Gritty Chumby Details: www.chumby.com/developers 


FlashDevelop: www.flashdevelop.org 
AVSynthesis: Blending Light and Sound with OpenGL and Csound5


Introducing a unique and powerful program for mixing son et lumière into
fascinating experimental videos. DAVE PHILLIPS


The artistic combination of sound and image is a common 
enough phenomenon. Movies, television and various Internet 
channels demonstrate the happy results from the blend of 
recorded sight and sound. However, these examples typically 
utilize sound in the role of an accompanist, perhaps greatly 
significant but still primarily an accompanist. 

There is another way to consider the role of music and 
sound in video production—a way in which the sound itself 
informs the flow of images and their transformations. 
Although not a novel concept (see the Wikipedia entry on 
John Whitney), the practice has taken on a new richness of 
possibilities with the use of computers in the recording and 
editing of digital son et lumière.

Jean-Pierre Lemoine has been exploring these new riches
at least since the late 1990s. I profiled his HPKComposer
(coauthored with Didier Debril) in my Book of Linux Music
& Sound, which was written in 1999, and even then the
HPKComposer Web page stated that the program was “...a 3D
art composition tool for Csound”. At that time, the authors
chose to use the Virtual Reality Modeling Language (VRML) for
its graphics engine. I could meet the program's Java
requirements and work with its Csound side, but I was unable to
work with VRML under Linux then. Nevertheless, the Web
site's screenshots made quite an impression, and I hoped that
someday such a program would become useful under Linux.


Figure 1. AVSynthesis in Play

Cut to the work of Csound developer Gabriel Maldonado: 
his CsoundAV for Windows is a true fork from the canonical 
Csound source tree, but Gabe is a genial fellow who freely 
offers all his code extensions to the community. Recent devel- 
opments in canonical Csound have facilitated the adoption of 
some CsoundAV opcodes, though we await the inclusion of 
the CsoundAV opcodes for OpenGL, and this situation brings 
us to the latest work of Jean-Pierre Lemoine, titled simply 
AVSynthesis (Figure 1). 

AVSynthesis embraces and extends many of the design 
concepts behind HPKComposer. The program blends sound 
and images to produce abstract non-representational works 
of art. It’s written in Java, and Csound is still the audio engine 
of choice, but the VRML interface has been replaced by a 
set of image controls based on the OpenGL shading language 
(GLSL). The program creates radical associations and corre- 
spondences between image and sound, leveraging the powers 
of Csound and OpenGL for the arbitrary manipulation of 
digital audio and digital images. 


Requirements and Installations 
Like many experimental applications, AVSynthesis is not a per- 
fectly packaged program, and it is not ready for use right out 
of the box. It is a unique program, and as such, it has some 
unique requirements that may not be met by your distribu- 
tion’s package repositories. Building the required dependencies 
is not especially difficult, as long as you have a typical Linux 
development environment installed and properly configured 
for your system. I include here the particular instructions for
compiling Csound and configuring AVSynthesis, with some 
notes on the requirements for building the application on a 
64-bit system. 

AVSynthesis demands a specific set of dependencies: 


■ Java (1.5 or higher)

■ LWJGL (the Light Weight Java Game Library)

■ Csound (5.07 or higher)

■ OpenGL


Where they are noted, the versions are critical, and each 
component is subject to its own build prerequisites. As men- 
tioned, Csound needs some special attention in order to use it 
with AVSynthesis. 

Csound has its own set of necessary dependencies, but 
space restrictions here forbid a complete description of the 
program and its requirements. Fortunately, thorough and 
excellent documentation is available from www.csounds.com, 
so I focus here only on the configuration needed to compile
the program for use with AVSynthesis. 

The following options configure and compile the csound 
binary for double-precision floating-point numerics and create 
lib_jcsound.so, a Java “wrapper” library for Csound’s audio 
synthesis and processing services: 


scons useDouble=1 install=1 buildPythonOpcodes=1 buildInterfaces=1 buildJavaWrapper=1 dynamicCsoundLibrary=1


The Python opcodes are not required by AVSynthesis, 
but I include the option for use with Steven Yi’s blue, a superb
environment for working with Csound. All other options in 
this build configuration must be included for work with 
AVSynthesis. If the build is successful, the lib_jcsound.so library 
will be at the top level of the Csound source tree. Install 
Csound (scons install), then copy lib_jcsound.so to the 
AVSynthesis native directory. That’s it; you're finished with 
setting up the audio side of AVSynthesis. 

The OpenGL and LWJGL libraries provide the interface’s
visual components and style. The various parameter control
screens resemble the control panels seen in many OpenGL- 
based games, with visual effects, such as animated icons and 
mobile transparencies—niceties that liven the appearance of 
the program and improve its work flow. 

The LWJGL libraries present a minor difficulty. The AVSynthesis 
package includes the LWJGL libraries as Windows-format 
DLLs but not the required native Linux libraries (that is, in 
.so format). The package includes these DLLs:


■ DevIL.dll

■ ILU.dll

■ ILUT.dll

■ _jcsound.dll

■ lwjgl-devil.dll

■ lwjgl.dll


Those files must be replaced by the following native 
Linux equivalents: 


■ libIL.so

■ libILU.so

■ libILUT.so

■ lib_jcsound.so

■ liblwjgl-devil.so

■ liblwjgl.so


The lib_jcsound.so library comes from the Csound build 
described above; the others come from the LWJGL binary 
package (downloaded from lwjgl.org). Alas, 64-bit users will
need to build and install the LWJGL and the IL libraries themselves.
As far as I could tell, packages for these libraries are not
readily available in 64-bit format, but building them is trivial 
and requires no special instructions beyond adding --with-pic 
to the configuration step (./config --with-pic). After build- 
ing or downloading the libraries, they must be copied to the 
AVSynthesis native directory. You then can move or delete the 
DLL versions. 

Neither Java nor OpenGL requires any rebuilding or special 
runtime options. These are common packages now, so if you 
don’t have them installed already, summon your package 
manager and install the latest versions (Java must be 1.5 or
higher). AVSynthesis itself is launched from a .jar file that 
works equally well in a 32-bit or 64-bit environment. 

In addition to these software requirements, your computer 
should have a fast CPU and a video system capable of accelerated
3-D graphics. I tested AVSynthesis on two machines: a
32-bit box with an AMD64 3800+ CPU (a 2.4GHz chip) and 
a 64-bit machine powered by an AMD64 3200+ CPU (2GHz). 
Both systems include NVIDIA graphics boards (GeForce 
7300GS and GeForce 7600GS, respectively), with xorg.conf 
configured for NVIDIA's proprietary nvidia driver (that is, not 
the open-source nv module). The 32-bit iron runs the JAD 
distribution, based on OpenSUSE 10.2, and my 64-bit box runs 
64 Studio, a Debian-based distro. Both systems are optimized 
for multimedia and include kernels optimized for real-time 
performance. However, programs such as AVSynthesis want 
resources, lots of them, and I consider my machines as rather
low-end for AVSynthesis. Your mileage may vary, of course,
but for the best results from this program, I recommend a
3GHz CPU, at least 2GB of RAM, a fast 3-D graphics card and 
a large, fast hard disk. 

I also recommend a high-quality audio system. Cheaper
desktop speaker arrays may be suitable for watching DVDs,
but Csound is capable of audiophile-quality output, so
you'll want a sound system as powerful as your graphics
system. Here at Studio Dave, I have my JAD box connected
to a relatively low-end 5.1 sound system (a combination 
of Creative Labs and Peavey hardware), while the 64 Studio 
machine is hooked up to a conventional small studio 
audio system with a Yamaha digital mixer, a standalone 
100-watt power amplifier and a pair of high-quality 
monitor speakers. 
Getting Started with AVSynthesis

Now we can get started with AVSynthesis. First, edit the
data/config.xml file for the runtime options for Csound and
OpenGL. I added these options to set up Csound for running
with the JACK audio server and to configure OpenGL for my
screen dimensions and video frame rate:


<config csound="-+rtaudio=jack -+rtmidi=portmidi --expression-opt -odac:alsa_pcm:playback_ -d -m0 -g -f -M0 -b1024 temp.orc temp.sco" ksmps="16" width="1280" height="1024" fullscreen="false" FPS="30"/>


Other options must be used if Csound is not compiled with 
JACK or PortMIDI support. See the Csound documentation for 
information about other startup and runtime options. 

Next, I prepared the Csound and Java environments with
these commands:


export OPCODEDIR64=/usr/local/lib/csound/plugins64/
export PATH=$PATH:/home/dlphilp/jdk16/:/home/dlphilp/jdk16/bin/


These commands can be added to your home directory’s
.bashrc file to automate this step.

Next, I used QJackCtl to configure and start the JACK
audio server. This step is unnecessary if you're not using JACK,
but I advise doing so for best latency.

Finally, I could start the program:


cd $HOME/AVSynthesis
java -Xmx768m -Djava.library.path=./native -cp AVSynthesis.jar:./lib/* org.hpk.av.AVSynthesis


This command calls Java, sets a memory amount for it,
points the Java library path to the AVSynthesis/native directory,
declares the classpath (-cp), loads the needed jar files from
the top directory and the lib directory, and launches the
application. By the way, the cryptic string at the end is in the
AVSynthesis jar file. It’s a weird way to start an app, I know,
but Java can be like that.


How It Works 
AVSynthesis takes two or more PNG or JPG images, blends 
them together in an animated sequence and treats that 
sequence with various transformations made possible by the 
OpenGL shading language. At the same time, the program 
creates a soundtrack that follows the same timeline as the 
video sequence. The soundtrack itself may be heavily treated 
by the synthesis, processing and composition algorithms 
provided by Csound. In AVSynthesis-speak, this combination 
of sound and image is called a layer. By the way, you can 
add your own PNG and JPG images to the AVSynthesis 
data/textures directory, and your own soundfiles can be 
added to the data/loops directory (for processing by the 
Csound loop instrument generator). 

Given the space limitations for this article, it's impossible 
to describe the variety of controls over the image and 
sound processors fully. Consider this possible scenario for 
the audio section alone: up to three sound sources are
available per layer, each sound source is one of five genera- 
tor types, and each generator’s sound can be modified fur- 
ther by up to three audio signal processors. Each processor 
is one of 13 types. Almost every parameter in the synthesiz- 
ers and the processors can be modulated by one of eight 
envelope curves, and each curve is also subject to a modifi- 
cation of its time span. As you can see, it’s complexity within 
complexity, and I haven't even considered the possibilities
added by the sequencer and the mixer. 

Let me describe an uncomplicated project—an exercise to 
demonstrate AVSynthesis basics. Note that my description only 
scratches the surface of this program, and that its full power 
can be seen and heard only in vivo. I've provided links in the 
Resources section to some demonstration files, but they merely 
hint at the possibilities. Worse, the necessary video compres- 
sion codecs are unkind to the vivid clarity of an AVSynthesis 
real-time performance. With these facts in mind, let's proceed 
to the project. 


The Composition Editor, Part 1 

AVSynthesis opens to the composition editor, the program's 
highest level. This screen is similar to a track display in a digital 
audio multitrack recorder, but a track here performs only one 
task. Each track is a timeline divided into 30 ten-second sec- 
tions, and each section contains one stage of a simple three- 
stage line-segment envelope that controls the visibility and the 
corresponding audio volume of the track's layer. As we shall 
see, this envelope itself may be modified by factors working 
elsewhere within the program. 

No text labels or tooltips describe the Composition screen's 
various functions, so the user must memorize their significance 
and purposes. Fortunately, there are relatively few functions on 
this screen. Figure 2 defines the other screen elements, most 
of which deal with performance controls and save/load func- 
tions. Later, we'll consider some of them more closely, but first, 
let's make a movie, with sound. 


Figure 2. The Composition Screen Layout 


Figure 3 shows a default empty layer. When the mouse pointer 
stays on the layer image, a transparent overlay appears with 
various controls for managing the layer. Click on the icon in 
the lower-left corner of the overlay to invoke the Layer Editor 
shown in Figure 4. The icons across the top of the screenshot 
represent, from left to right, the transformed image, the base 
image selector, the modulating image selector, the GL shader 
effect editor, the envelope curve editor and the audio system 
editor. Let’s start our movie-making by selecting our base and 
modulator images to create an image for treatment by the GL 
shaders. Next, click on that image (it’s the largest of the top 
three) to invoke the GLSL shader selector, then set the light 
source, contrast and effect processor for your blended image. 
Each shader has its own set of performance controls, some of 
which are shared by all the shaders, while others are unique to 
the particular effects you've chosen. Figure 4 displays the 
results of such a process after adding the Wobble shader. 


Figure 3. A Blank Layer 


Figure 4. The Layer Editor 


At this point, you can call the GL shader editor for further 
finessing of the transformation. Note that the transparency 
that appears over the blended image includes a play control 
for testing your later transforms at any point in the process, so 
feel free to bend, fold, staple and mutilate to whatever degree 
necessary. Set constraint ranges, apply envelope curves and 
specify single values. Experiment, experiment, experiment. Be 
aware, however, that AVSynthesis is short on safeguards, so 
save your work frequently. There’s also no undo/redo, and you 
receive no warnings about anything except when you decide 
to quit the program. 

Figure 5 shows the control panel for the Wobble effect. The 
shader's unique controls are at the bottom of the panel and 
consist of a start slider and two sliders apiece for controlling the
frequency and amplitude parameters of the effect. The remain- 
ing controls are, as mentioned, common to all the shaders. They 
include texture managers, a transparency slider, color controls, 
and eye and light positioners. These common controls can be 
augmented by extensions required by a particular shader. 


Figure 5. GL Shader Controls 


A parameter value can be set explicitly with its slider, or 
you can define a range of values with the constraint mask 
(the black and gray bars shown in Figure 5) to limit the 
possible values only to the range covered by the mask. This 
range can be modified further by one of the envelopes 
defined in the Curves screen. 


The icon at the top-right corner of Figure 4 invokes the 
AVSynthesis audio system editors. When the icon is selected, 
a column of new icons appears at the screen's left (Figure 6). 
From top to bottom, these icons represent the audio sequencer, 
three synthesizers, three processing modules and the audio 
mixer. They are all external representations of the Csound 
engine within AVSynthesis. We'll consider each of these 
components in turn, but only briefly. 


Figure 6. The AVSynthesis Sequencer 
The sequencer manages the flow of time for the evolution
of both the sound and the video transformations. Lower values 
represent slower speeds, and higher values make things hap- 
pen faster. However, time distortion possibilities are rampant in 
AVSynthesis, and it is not always a simple matter to predict 
exactly how long a composition will last. 

The controls in the synthesis, processing and mixing 
screens behave exactly like their video counterparts (Figure 7). 
Values are defined with sliders and masks, envelopes can be 
placed over ranges and so forth. 


Figure 7. A Csound Synthesizer 


Incidentally, Csound’s deployment is completely concealed from
the normal user, and no prior knowledge of Csound or any other
programming language is necessary in order to use AVSynthesis.

The test play function is available here too. When you are 
satisfied with the sound, save the layer, then click the mini- 
image of the composition editor (at the top-left corner of the 
Layer Editor) to return to that screen. 


Before doing anything else, save your performance and all its 
parts with the Save Part/Performance button (Figure 2). Up to 
ten performances can be saved, each with ten parts, with up 
to 13 layers per part. For now, just save your work to its 
starting location (for example, Performance 0, Part 3). 

Your track is represented now by its layer’s blended image. 
Next, we need to add a performance curve in the track
timeline. Left-click near the top of a track section to set a peak for
the curve, near the bottom for a zero value. The envelope 
curve offers only fixed-length attack and decay segments, but 
you can click and drag to set arbitrary lengths for peak and 
zero-value segments (Figure 1). Okay, we've defined our visual 
and audio elements and their transformations, we've set a 
performance curve in the composition timeline, so we're 
ready to put AVSynthesis into one of its performance modes. 

The square buttons at the bottom right of the Composition 
screen represent the program's three performance modes. The 
right-most button turns on the rendering mode, the center 
square puts AVSynthesis into a MIDI-controlled mode, and the 
left button toggles the real-time performance mode. 

The real-time mode plays the arrangement of layers and
their associated curves on the composition screen timeline.
Click the button, and your composition plays in real time. Click
anywhere in the composition screen to stop playback. If an
error occurs, AVSynthesis may print some relevant information
to your terminal window, or it may run with no display or
sound until you click to stop playback. Or, it may freak out
entirely and freeze your system. As I said, it’s experimental
software, so these things happen.

When the MIDI performance mode is selected, the MIDI 
continuous controller #85 can be used as a layer fader during 
real-time performance from the composition screen. The input 
port is designated by the Csound options specified in the 
AVSynthesis config.xml file. In my example above, the -M0
option sets the input port to the ALSA MIDI Thru port. 

I tested MIDI control by hooking a sequencer to the MIDI
Thru port in QJackCtl’s MIDI Connections panel. I used loops
of sequential and random values for controller #85, and every- 
thing worked perfectly. The implementation is limited, but it 
points the way toward more interesting real-time performance 
controls, such as layer blackouts and sudden appearances. This 
MIDI control extends only to the video part of a layer; it does 
not affect the audio portion. 

The rendering mode runs the arrangement in the
Composition screen in slower than real time to produce one
TGA image file per video frame. The frame rate is set in the
data/config.xml file (see above), and the author advises leaving
it at its default of 30 frames per second. Thus, at the default
frame rate, 30 image files will be created for each second of
your composition. These files can be compiled into an
animation (see below). At the same time, Csound’s output is
captured to a soundfile (render.wav in the data directory) that can
be added to the animation.

For some reason, the render mode works only once per 
session. If you want to record another take, save your work 
and re-open the program. Hopefully, this limitation will be 
removed in a future version. 

Incidentally, the Fullscreen, Save Perf/Part, Realtime 
Performance and MIDI Mode buttons are available from all 
screens within AVSynthesis. 


AVSynthesis does not create a movie directly. When you click 
on the Render button, the program creates a series of uniformly 
sized image files (approximately 4MB each), and the number 
of files can be massive. You will need a video encoding pro- 
gram to turn these static images into a flowing animation. 
The following instructions use MEncoder from the MPlayer 
Project, but any other video encoder should work, as long as 
it's capable of converting static TGA images into a movie. 
The first step sorts the TGA files into a numbered list. This
step is necessary if your encoder reads the TGA files in this 
order: 1.tga, 10.tga, 100.tga, 1000.tga, 1001.tga...101.tga, 
1010.tga, 1011.tga and so on. 

Encoding the files in that order results in images rendered 
out of their original sequence. We need to encode them in 
this order: 1.tga, 2.tga, 3.tga, 4.tga and so on. 

I asked the mavens on the Linux Audio Users mailing list
how they would resolve this irritating dilemma. Various
solutions were proposed, the most appealing of which
was this elegant fix from Wolfgang Woehl:


cd data/render 
find *tga | sort -n > list 


The list file can then be processed by MEncoder. 
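
The same ordering step can also check the render before a long encode. This is an added example, not part of the article or of AVSynthesis: it orders the frames numerically, reports gaps in the sequence and gives the running time at the configured frame rate. It assumes frames are named N.tga as in the text; the function names and the demo files are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: frames are named <number>.tga, as in the article's example.
FRAME_RE = re.compile(r"^(\d+)\.tga$", re.IGNORECASE)

def plan_frames(names, fps=30):
    """Order frame files numerically and report gaps and running time.

    Returns (ordered_names, missing_frame_numbers, seconds).
    """
    frames = {}
    for name in names:
        m = FRAME_RE.match(name)
        if m:  # skips the list file itself and anything that is not a frame
            frames[int(m.group(1))] = name
    if not frames:
        return [], [], 0.0
    numbers = sorted(frames)
    missing = [n for n in range(numbers[0], numbers[-1] + 1) if n not in frames]
    return [frames[n] for n in numbers], missing, len(numbers) / fps

def write_frame_list(render_dir, list_name="list", fps=30):
    """Write the ordered list for mf://@list; refuse if frames are missing."""
    ordered, missing, seconds = plan_frames(os.listdir(render_dir), fps)
    if missing:
        raise ValueError(f"missing frames, first few: {missing[:10]}")
    with open(os.path.join(render_dir, list_name), "w") as fh:
        fh.write("\n".join(ordered) + "\n")
    return len(ordered), seconds

if __name__ == "__main__":
    # Constructed demo: 30 empty frame files in a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        for n in range(1, 31):
            open(os.path.join(d, f"{n}.tga"), "w").close()
        print("lexical order:", sorted(os.listdir(d))[:4])
        print("frames, seconds:", write_frame_list(d))
```

Run it from the AVSynthesis directory against data/render, then start MEncoder inside that directory so the relative names in the list resolve.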

As I mentioned, the Csound audio output is saved in a
separate audio file named render.wav in the AVSynthesis data 
directory. By default, this file is a 16-bit stereo WAV file with a 
sampling rate of 44.1kHz—that is, a CD-quality soundfile. It 
needs no special attention unless you want to rename it. 

Now, we're ready to encode our images and soundfiles. 
Given the potentially large number of TGA images, the encoder 
is likely to produce a very large video file, and even a relatively 
short animation can devour dozens of gigabytes of storage. We 
need to consider a compression scheme to reduce the file size. 

I discovered two ways of using MEncoder to create a
compressed AVI from my audio and video data. The first way uses
a multipass method:


mencoder -ovc lavc -lavcopts vcodec=huffyuv:pred=2:format=422P:vstrict=-1 -noskip -mf fps=30 -o master.avi mf://@list
mencoder -ovc lavc -lavcopts vcodec=mpeg4:vme=1:keyint=25:vbitrate=1000:vpass=1 -noskip -o foo.avi master.avi
mencoder -oac copy -audiofile ../render.wav -ovc lavc -lavcopts vcodec=mpeg4:vme=1:keyint=25:vbitrate=1000:vpass=2 -noskip -o foo.avi master.avi


The first step creates a huge master file, which is then 
treated to a two-pass reduction scheme that adds the audio 
data in the second pass. 

This single-pass method also creates a large file, but it has 
the advantage of faster production: 


mencoder -oac copy -audiofile ../render.wav -ovc lavc -lavcopts vcodec=mpeg4:vme=1:keyint=30:vbitrate=1000 -vf scale=800:600 -noskip -mf type=tga:fps=30 -o avs-001.avi mf://@list


As presented, this method sets the movie display size to 
800x600. The scale parameter also can be included in either 
the second or third steps in the multipass example, and may in 
fact be necessary if your system complains about creating a 
large-sized movie. 

I've placed three example AVIs on-line at 
linux-sound.org/avs-examples. Each animation demonstrates some of 
the effects possible with a single GL shader (for example, 
wobble.avi), the simplest Csound audio setup (one synth, one 
signal processor), and the (mostly) default values for the 
sequencer. Alas, the compressed videos can only hint at the 
visual beauty of AVSynthesis performing in real time, and they 
are offered merely as glimpses of the program's artistic potential. 


Known Problems 

The AVSynthesis config.xml file includes entries for changing 
the program window size. AVSynthesis defaults to the current 
screen settings, and it will fail to launch if it can’t validate the 
dimensions given in the config file. Alas, I was unable to 
launch the program in any screen mode other than my default 
dimensions (1280x1024). 

The Csound phase vocoder opcodes are very CPU-intensive. 
AVSynthesis has crashed randomly when I use the effects based 
on those opcodes, though it works fine with them at other times. 

The render.wav file and the data/render directory 
must be cleared by the user; AVSynthesis will overwrite 
the current contents. 

Sound may become distorted when using the Analog 
Synth 2 and the Wild Grain processor. Use the mixer to 
balance audio output from the synths. 


The Wrap 

AVSynthesis is well worth the effort required to make it happen. 
The further I get into AVSynthesis, the more possibilities I 
discover that warrant yet deeper exploration, and I can see 
(and hear) myself staying involved with the program for quite 
a while. The program's author has stated that he intends to 
squash remaining bugs and add some new features, but he 
wants to keep AVSynthesis as uncomplicated as possible. You 
can check out the latest version yourself, and with this guide's 
assistance, you should be running AVSynthesis quickly and 
smoothly under Linux. Have fun, be creative, and be sure to let 
Jean-Pierre know how you're using his software. 


Dave Phillips is a professional musician and writer living in Findlay, Ohio. He’s been using Linux 
since the mid-1990s and was one of the original founders of the Linux Audio Developers group. 
He is the author of The Book of Linux Music & Sound (No Starch Press, 2000) and has written 
many articles on Linux music and sound issues for various journals and on-line news sites. 
When he isn’t playing with light and sound, he enjoys reading Latin literature, practicing t’ai chi, 
chasing shar-pei puppies and spending time with his beloved Ivy. 
MPlayer: www.mplayerhq.hu 


Fresh from the Lab 


A look at promising software in development. JOHN KNIGHT 


Zero Install System (0install.net) 

You may have heard of this project before—another attempted 
solution to a software installation problem with Linux. What is 
the problem, you ask? 

How do you install new software on Linux easily, in a uniform 
manner that won't scare off a shy Windows user? This 
area often needs attention, and we turn a blind eye because 
we're used to using apt or something similar. Are systems like 
apt really sufficient though? What if the program I want to 
install isn't within a distribution's archive? What if it's too old? 
What if I want a newer version than my distribution's archive 
provides, without upgrading a gig's worth of my whole system 
to satisfy all the other niggling dependencies? What if my 
distro dies off and its archives disappear? What if I simply want 
to do the same thing on each system? 

Zero Install is the next in line for tackling this issue where 
projects like Autopackage failed, but will it tickle the fancy of 
the larger Linux audience? 

Installation Thankfully, a large number of binaries are 
available, and they will probably cover your system's needs. 
I grabbed the Etch .deb, and it worked without any hassles. 
If your system isn't covered though, the site includes 
a source tarball that contains a Python script, plus instructions 
on how to use it. There aren't any real obscure 
dependencies, so chances are the base package will install 
without any issues. 

Usage Initial usage is more of a command-line affair, 
which puts the Zero Install System in a different league from 
Autopackage immediately. Once the Zero Install Injector has 
been installed, you can install packages simply by typing 
0launch and pasting the URL of the package into the shell 
after it. However, finding the page of available packages took 
me a minute—it's available at 0install.net/injector-feeds.html. 
Once you've found a package that interests you, copy the URL 
of the package and do as follows: 


$ 0launch http://insertyourURLhere 


An installer window will pop up, displaying the package 
name and any dependencies you may require. In a few 
seconds, a window may appear, presenting you with a 
trust key (a GPG signed key), asking you whether to allow 
this key to run, which is similar to when your browser asks 
whether to accept a site's Authentication Certificate. As 
there aren't a great deal of packages available yet, trusting 
these keys is fine for now, but should they become popular, 
you will want to examine closely the key presented. 
Once the key business is out of the way, press Run, and 
the download of the new package will start along with any 
other dependencies. Once the download has finished, the 
new program should launch right away. If not, any error 
messages will appear in the shell. 

Figure 2. Zero Install presents an interesting trust key. 

This is all okay for the first time, but any other attempts to 
run the new program will require the same arduous steps each 
time. Thankfully, with some clever scripting, a local link is 
made that puts a filename into your path without the need for 
root privileges. It will require you to enter the URL once more 
though, coupled with the command 0alias and your chosen 
alias name, as follows: 


$ 0alias alias http://insertyourURLhereagain 


As a real-world example, I had success with a game called 
Barrage, and the shell input looked like this: 


$ 0alias barrage http://people.freenet.de/LinuxCNC/0install/barrage 


Now I can run the program in the future simply by entering 
barrage at the command line. Included on the package page 
is a selection of tools for simplifying some of these tasks, but 
the above steps are still required for installing them. 

Zero Install definitely has an interesting interface with 
its own unique take on distro-independent packaging. I'm 
guessing many people will be turned off by the command-line 
nature of this beast, especially with the copying and 
pasting from a Web browser (command lines and GUIs 
have never made the best of comrades). Also, many of the 
tools seem to be based on the Rox file manager—a great 
lightweight system but still relatively obscure to the larger 
Linux audience. 

Personally, I mourn the demise of Autopackage, an 
outspoken project that received a great deal of hostility 
from the traditional distro packagers, such as Debian, 
that ultimately sparked its demise. Other similar projects 
take a more pragmatic approach—some with a more 
“Windowsy” installer (not necessarily a bad thing), others 
as unique as this one. Zero Installer may gain popularity 
simply by not being Autopackage and subsequently not 
angering the apt-get overlords. However you see it, I hope 
all these distro-independent packaging projects are sending 
a message to the developer community that not everyone is 
happy with the idea of being reliant on repositories, and a 
major change is required soon in software installation 
methods. This issue won't go away. 


deletes archives after extraction, it 
extracts relative to the current working 
directory, and it extracts just verbosely 
enough, all unless explicitly requested 
otherwise). It provides automatic handling 
of extractor gotchas by creating 
an extraction directory if there is more 
than one file or directory at the archive 
top level and by being able to fix 
strange permissions. Dozens of archive 
file extensions are supported out of the 
box, and adding support for others 
requires very little work.” 

Installation At the time of this 
writing, deco is available only as a 
source tarball; however, installation is 
easy and unlikely to cause any hassles. 
After extracting the archive and entering the new directory, 
doing a standard: 


$ ./configure 
$ make 
(if not root) $ su 
# make install 


worked with no issues, and probably will do the same for you, 
as it doesn't have a large amount of dependencies. 

Figure 3. deco is probably the easiest archive extractor I've used. 

Usage The general usage is simply: 


$ deco filename.tar.gz 


That's about all there is for most people—short and sweet. 
But, what tricks lie under the hood? There are all sorts of neat 
optimizations. 

For instance, usually Linux projects are placed in a 
directory within an archive to keep source directories from 
becoming cluttered. Unfortunately, archives sometimes 
have files placed straight in them, without being placed in 
a directory. This fills up your source directory with all sorts 
of unwanted files that also may be overwritten. deco 
places an archive's extracted contents within a directory 
to keep things clean. Cleverly, if an archive already has its 
contents contained within a directory, deco extracts the 
archive as is. If not, deco places them within a directory 
named after the filename, minus its extension. 

For example, if I had a file called tuesday-jam-session.tar.gz, 
deco would place the contents under the directory 
tuesday-jam-session. 
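
The extraction-directory rule described above can be sketched as follows. This is an added example, not deco's own code: the function names, the short suffix list and the refusal of members that would land outside the extraction directory (absolute paths, "..", links) are assumptions of the sketch, and the sample archives are constructed.

```python
import io
import os
import posixpath
import tarfile
import tempfile

SUFFIXES = (".tar.gz", ".tar.bz2", ".tgz", ".tar")  # small subset, for the example


def strip_extension(filename):
    """tuesday-jam-session.tar.gz -> tuesday-jam-session"""
    base = os.path.basename(filename)
    for suffix in SUFFIXES:
        if base.endswith(suffix):
            return base[: -len(suffix)]
    return os.path.splitext(base)[0]


def check_member(member):
    """Refuse anything that could write outside the extraction directory."""
    norm = posixpath.normpath(member.name)
    if posixpath.isabs(member.name) or norm == ".." or norm.startswith("../"):
        raise ValueError("member escapes extraction directory: %r" % member.name)
    if not (member.isfile() or member.isdir()):
        raise ValueError("links and special files are refused: %r" % member.name)


def top_level_entries(members):
    """Names of the files and directories sitting at the archive's top level."""
    tops = set()
    for member in members:
        norm = posixpath.normpath(member.name)
        if norm != ".":
            tops.add(norm.split("/", 1)[0])
    return tops


def extract(archive_path, dest="."):
    """Extract into dest; wrap loose contents in a directory named after the archive.

    Returns the directory the members were extracted into.
    """
    with tarfile.open(archive_path, "r:*") as tar:
        members = tar.getmembers()
        for member in members:
            check_member(member)  # validate everything before writing anything
        target = dest
        if len(top_level_entries(members)) > 1:
            # More than one top-level entry: create the extraction directory.
            target = os.path.join(dest, strip_extension(archive_path))
            os.makedirs(target, exist_ok=True)
        tar.extractall(target, members=members)
    return target


def make_sample(path, names):
    """Build a constructed sample archive holding one small file per name."""
    with tarfile.open(path, "w:gz") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        loose = os.path.join(work, "tuesday-jam-session.tar.gz")
        make_sample(loose, ["take1.wav", "take2.wav", "notes/README"])
        print("loose archive ->", os.path.relpath(extract(loose, work), work))

        tidy = os.path.join(work, "tidy-1.0.tar.gz")
        make_sample(tidy, ["tidy-1.0/README", "tidy-1.0/src/main.c"])
        print("tidy archive  ->", os.path.relpath(extract(tidy, work), work))

        hostile = os.path.join(work, "hostile.tar.gz")
        make_sample(hostile, ["ok.txt", "../evil.txt"])
        try:
            extract(hostile, work)
        except ValueError as err:
            print("refused:", err)
```
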

If you want further control, such as deleting the archive 
after extraction and so on, this also is possible with a 
series of command-line switches, available on the project’s 
Web site. Even if you're happy with the way it works 
already, it's worth reading the site to see some of the other 
options available, and also what neat tricks and shortcuts 
lie under the hood. 

Something to keep in mind is that the deco project 
doesn't try to re-invent the wheel—it isn't monolithic. It's 
reliant on having the necessary external extraction tools 
available, such as unrar for .rar files and so on. However, 
this is the approach taken by most archive tools, so most 
people expect that anyway. Nevertheless, it wouldn't take 
a great deal of work to include all these external programs 
in one big package, so any enthusiasts of the project may 
want to do just that. Although it's currently available only 
via source, hopefully it will make it into most distro 
archives soon. 

Overall, deco is a lovely little program that is likely to save 
many a tired, caffeine-fueled coder some midnight grief and 
make computing just that little bit nicer. 


orDrumbox (www.ordrumbox.com) 

orDrumbox is a small, Java-based drum-machine applet 
that runs on Linux, Windows and Mac OS X. Designed less 
for the drummer and more for the desktop DJ, orDrumbox 
quickly makes funky mid-tempo electronic tunes with beats 
and inserted samples. Developed using Java, this drum 
machine is highly portable and lightweight, which is ideal 
for DJ enthusiasts jumping between machines and showing 
their friends. 

Installation As far as packages go, the only Linux 
binary available is an .rpm (not handy as I have a Debian-based 
system). Source code is available, but it is zipped 
and for Java, and not everyone will have a compatible 
compiler. I downloaded the .rpm and converted it to a 




Figure 4. Surprisingly, just clicking randomly probably will make a 
halfway decent beat. 


Check to See If a Script Was Run as root 


If you have scripts that need to be run as root, you can check 
for this at the start of the script with: 


if [[ $UID -ne 0 ]]; then 
    echo "Must be run as root" 
    exit 1 
fi 


If you use sudo, you even could restart the script with sudo 
if it was not run as root: 


if [[ $UID -ne 0 ]]; then 
    sudo -p "Restarting with sudo. Password: " sh $0 $* 
    stat=$? 
    exit $stat 
fi 


The sudo command runs the script as sh $0 $*. The 
sh is included in case the script does not have the execute 
bit set. 
—MITCH FRAZIER 




.deb using alien, which is not difficult; check the alien man 
page for more info. Thankfully, it converted and installed 
with no major issues. When I started the program though, 
it required a particular version of Java, jpackage-utils (see 
www.jpackage.org, also available on rpmfind.net). This 
had no Debian file either, so I had to use alien on this 
package too. Luckily, there were no complaints here either, 
and after these two steps, the program simply worked. 

Usage To start the program, enter orDrumbox.sh into 
your shell. If all goes well, the program now should be 
working. If you look in the top half of the orDrumbox 
screen, there should be a window called Pattern 0 (Edit)— 
this is where most of your work will happen. If you look to 
the right of the box containing a 4 at the top of the window, 
you'll see a gray and yellow box. Hover your mouse 
over it, and it will say, “create new track”. Press this a 
large number of times (14 and up for the default drum 
kit), as each line creates a new instrument with which to 
play. On the left of each line are the 

volume and so forth. On the right is 
the Note Editor area. 

With the Note Editor, double-click 
any of the boxes, and they will change 

The green tells you what note will be 

bottom to top, the other from left to 
right. The bottom-to-top slider controls 
the note velocity, and the left-to-right 
slider determines the note and octave 
played (or the pitch). It defaults to C2, 
but it can be tuned up or down 
accordingly. Click randomly in any of 
the boxes, then click the large play 
icon in the bottom center of the 
screen. A beat will start playing—probably 
a strange one. Try changing the 
pitch and velocity randomly, as well as 
adding new notes and removing old 
ones to see how it affects the beat. To 
remove any notes, simply right-click in 
the note's box and choose delete note. 

create whole songs. Check the manual 

able too. There are some limitations 
and the biggest limitation is that it's limited to 120BPM. 
This is enough for most electronic and dance music, but 
it's unsuitable for genres like punk, speed metal and so on. 
The sounds that are provided with these kits really are 
geared for more electronic genres anyway and will sound 
strange with anything rock-based, so those into fast rock 
genres will want to stick with something like Hydrogen. 
Overall, this is a fun little utility that will find its way into 
the hearts of many a home DJ. 


John Knight is a 23-year-old, drumming- and climbing-obsessed maniac from the world's most 
isolated city—Perth, Western Australia. He can usually be found either buried in an Audacity 
screen or thrashing a kick-drum beyond recognition. 


Running Ubuntu as a Virtual OS in Mac OS X 


Our intrepid writer installs and tests Ubuntu Linux within both VMware Fusion 
and Parallels Desktop on Mac OS X. Can you really run both Linux and Mac OS X 
simultaneously and achieve nirvana? DAVE TAYLOR 


Let's start right off by tackling the most pertinent question 
for this article: why the heck would someone want to run 
Linux on a Mac system that already has a very nice Linux distro 
hidden beneath Mac OS X? Built atop NetBSD, there's quite a 
bit of Linux sitting there waiting to be utilized in the system, 
including niceties like crontab, robust account management 
and much more. 

Go to Applications—Utilities, and you'll even find X11, a 
tightly integrated version of the popular Linux windowing sys- 
tem that plays nicely with the graphical interface that defines 
the so-called Mac experience. What more could a geek want? 

The best answer is simply to quote Sir Edmund Hillary, or 
perhaps misquote him slightly. Why run Linux on a Mac? 
“Because you can.” If it just feels too wacked to you, take a 
deep breath and proceed to the next article in the magazine— 
no harm done. 

Still with me? Great. So let's look at the two ways you can 
run Linux. You can set up a Mac to dual boot, using Apple’s 
Boot Camp system, which is included with Leopard 10.5 and 
available for download if you're still running Panther (10.4) 
from Apple's Web site, but somehow that seems clunky at 
best given the great virtualization capabilities on modern 
Apple hardware. As a result, I'm going to focus on getting 
Linux up and running simultaneously with running Mac OS X. 

Two robust applications let you run another operating 
system within a virtual environment on your Mac: Parallels 
Desktop and VMware Fusion. The former is a Mac-only 
company, but the latter might well be familiar to those of 
you who have run Windows within Linux or Linux within 
Windows, and so on. I've personally used both products 
for many years. 

I settled on Ubuntu, a Linux distro that has been gaining 
market share during the past few years and is one of the 
most popular available. It's also preconfigured for both 
Parallels and VMware Fusion, so that makes it even better. 
Free operating systems (that is, anything but Microsoft 
Windows) can be downloaded easily from vendor sites as a 
preconfigured data image, alleviating the need to install 
anything at all—simply download. 

Both companies refer to these operating system data 
images as virtual appliances, and I do so throughout the rest 
of this article too. You can find Parallels' virtual appliances at 
ptn.parallels.com, and VMware Fusion's virtual appliances are 
at www.vmware.com/appliances. 


80 | may 2008 www.linuxjournal.com 


VMware Fusion Download 

Each repository is impressively broad. For example, the 
VMware Fusion catalog offers you the ability to download 
Ubuntu 8.04 alpha 1 or 2, Gentoo 2007.0, PCLinux S, 
GEubuntu 7.10, OpenSUSE AlphaO, Ubuntu 7.10 Jeos with 
VMware tools already installed, Linux Mint 4.0 Daryna, and 
many more Linux distributions, all configured and ready to go. 
Perhaps even more interesting, you also can download gOS 
1.0.1-bagvapp, described as “Google-Wal-Mart’s Ubuntu 
Gutsy-based OS for ‘Green PC’”. What Wal-Mart's doing 
with its own Linux distro, I will leave for another article. 

I downloaded Ubuntu 7.10 (Gutsy Gibbon) Desktop— 
English for VMware Fusion (657MB). Interesting to note, 
the description states, “perfect to test drive Ubuntu or as 
a secondary operating system running within Windows.” 
Windows? We'll see how portable these operating system 
virtual appliances are, I guess. At least it includes a useful 
set of apps: OpenOffice.org 2.3, Firefox 2, Evolution 2.12, 
GIMP 2.4, GCC 4.2.1, GNOME 2.20 and X.Org 7.2, all 
atop Linux kernel 2.6.2. 

Downloading files of this size takes us into the world of 
file sharing: you either can download a single monolithic file 
in RAR format (RAR stands for Roshal Archive, named after 
inventor Eugene Roshal) or grab the same file through 
BitTorrent, which requires a BitTorrent client. I strongly 
recommend the latter, and I recommend Transmission as the client to 
use (transmission.m0k.org). It took me a little less than two 
hours to download this file. 


Parallels Desktop Download 
While the Fusion Virtual Appliance was slowly chugging down 
the pipe and I was waiting for the black helicopters of the 
MPAA or RIAA to show up and kick in my door (just kidding, 
mostly, on that last one), I popped over to the Parallels virtual 
appliance directory. Although better organized, it had consid- 
erably fewer appliances available, and there was, in fact, only 
one reference Ubuntu option, described simply as Ubuntu 
Desktop. Digging a bit further revealed that it was version 
7.04 and was helpfully described as “The virtual appliance 
is the default Ubuntu Desktop Linux installation. There are 
various GNOME-based applications.” 

That's what I wanted, nonetheless, and at 727MB it was 
broken into either four 199MB RAR files (yeah, that doesn't 
add up to 800MB, but you know what I mean) served 
up by hyperfileshare.com or eight files of 100MB from 
rapidshare.com. I have to say that this is a significant mistake 
on the part of Parallels, as these file repositories are confusing, 
and not having the file accessible through the BitTorrent 
network is a massive drag. The download is more of a hassle, 
although it downloaded faster: less than an hour when 
I, uh, borrowed the network connection at the local café. 
The biggest problem is that downloads cannot be resumed, 
while BitTorrent is designed to handle frequent outages, 
which effectively means you never need to download the 
same byte twice. 

An important thing to note when you do download these 
virtual appliances is the default user account and password 
for the OS. For the Parallels virtual appliance, it's ubuntu 
and the password is 123, and for the VMware Fusion virtual 
appliance, it's jars, with the password jars. Forget those and 
you'll be digging through your Web browser history to find 
the pesky information. Because these credentials are published 
alongside the download, change the password after your first login. 


Unpacking Virtual Appliances 

While everything was downloading, I made sure I had downloaded 
and installed both apps properly, VMware Fusion 1.1 
and Parallels Desktop 3.0 Build 5582.0. Both offer fully 
functional 30-day demo licenses, so you can try Ubuntu 
in both environments without paying a dime. I used fully 
licensed commercial versions of the two programs, but 
they're functionally identical. 

Once the virtual appliance files were downloaded, as 
shown in Figure 1, it was time to unpack them and double- 
click to see what would happen. Remember, Macs are the 
computers for the rest of us, so it really should be this easy if 
the vendors have done their work correctly. 


Figure 1. Both the VMware Fusion and Parallels Desktop virtual 
appliances download as RAR archives, easily handled with Mac OS X. 


Figure 2. The first Ubuntu virtual appliance download for Fusion was 
corrupted, which is darn frustrating after waiting for a 657MB download 
to complete. 




Figure 3. It's always exciting to watch a progress bar. This one shows 
Parallels Desktop virtual appliance Ubuntu 7.04 unpacking from the 
RAR archive into a .tar.gz file. 


To unpack the RAR archives, I installed and used an 
application called The Unarchiver, which you can grab from 
www.versiontracker.com, among other places. I encountered 
a glitch while unpacking VMware, as shown in Figure 
2. I optimistically clicked on Continue, but it didn't work. 
None of the files extracted were larger than a few dozen 
KB. Plan B was to download a different Ubuntu virtual 
appliance, Ubuntu Gutsy Gibbon 7.10 Desktop. And this 
time, it didn't use BitTorrent, so I watched it slowly download 
a 468MB image, just to find an archive file ending 
with .7z, which I'd never seen before. The Unarchiver 
claimed to deal with 7z archives, but rejected this as corrupted 
too. Before I gave up though, I downloaded yet 
another app, 7zX, and after almost 20 minutes, it 
unpacked successfully. 

Although the Parallels download comes in four parts, 
with cheery names like ubuntu-7.04.tar.part1.rar, RAR-friendly 
apps like Unarchiver automatically concatenate 
the files. The end result is ubuntu-7.04.tar.gz, which can 
again be double-clicked on and unpacked to ubuntu-7.04.tar, 
which again unpacks (why am I reminded of 
Russian nesting doll puzzles), finally, into the files we seek. 
The end result is a folder called ubuntu that contains all 
the necessary files. You can see the files unpacking properly 
in Figure 3. 

Now it's time to double-click on the virtual appliance 
images and see what happens. In the case of Parallels, I 
clicked on ubuntu.pvs, and about a minute later, I was 
presented with the login window shown in Figure 4. 
I logged in, and it all looked great, but there was no 
network connection, which was solved by changing the 
network option in Parallels Desktop itself from bridged to 
shared networking (NAT), then clicking network connection 
on the Ubuntu menu bar. A few seconds later, and you can 
see the results in Figure 5. 

Figure 5. Parallels Desktop running Ubuntu within the Mac OS X world, 
logged in, on the network and quite usable. 

With the VMware Fusion archive, it wasn't as obvious 
what needed to be double-clicked to get started, but 
Ubuntu-7.10.vmx seemed like a good choice. It worked, as 
shown in Figure 6, but notice that the window was far bigger 
than the Fusion parent window. Additionally, VMware 
Fusion complained that the VMtools hadn't been installed, 
which was a surprise given that it's a download I found at 
the VMware site. Also, the account and password pair didn't 
work, because it was a different VA image from what I 
originally had planned. I guessed and lucked out: ubuntu 
and ubuntu worked, and after fussing with screen resolution 
settings—but not having to tweak the network settings—I 
had Ubuntu working within VMware Fusion too, 
as shown in Figure 7. 

Figure 6. VMware Fusion running Ubuntu. By default, the Ubuntu 
virtual appliance had a ridiculously high resolution set, far bigger 
than the Fusion window itself. You can see that by how the login 
prompt isn't centered. 

Figure 7. VMware Fusion running Ubuntu within Mac OS X. Once 
tweaked, it worked perfectly in the virtualization environment. 


Did It Work and Was It Worth It? 

In the end, I did have a fully functional Ubuntu Linux 
running within each of the two virtualization environments—one 
was sufficiently fast that when I put it into 
full-screen mode on my 2.3GHz MacBook Pro running 
Mac OS X Leopard 10.5.1, I really could use it for editing 
documents, surfing the Net and experimenting with 
Ubuntu and Linux graphical apps. In fact, I was rather 
surprised by how snappy the operating system was within 
these environments, as I'd run Microsoft Windows XP 
and Windows Vista within the virtualization world and 
had found it functional, but not comparable to a real PC. 
Linux within the virtualization world, however, was quite 
pleasantly snappy and very usable. 

This leaves us the fundamental question with which 
we started, why? If you have a logical reason to run a 
full Linux distro on your Mac for testing or experimentation, 
or to gain access to applications not otherwise 
available within the Mac OS X world, this is a satisfying 
path to travel. 


Dave Taylor has been involved with UNIX and Linux since 1980 and was a contributor to BSD 
4.4, among other distributions. He runs a popular tech blog at www.AskDaveTaylor.com and 
also writes the shell scripting column Work the Shell for Linux Journal. You can reach him 
on-line at www.intuitive.com. 


Extract Images from PDF Files 


If you want to extract images from a PDF file, you 
can use the pdfimages program from the poppler 
package. To extract the images from an entire file, 
run the command: 


pdfimages input.pdf image-root 


If you want to extract images from a range of pages, 
you can use the -f and -l options to specify the first and 
last pages in the range. To extract the images from pages 
two to four, use the command: 


pdfimages -f 2 -l 4 input.pdf image-root 


Images are written to files named image-root-nnn.xxx, 
where nnn is an image number and xxx is the image type 
(for example, jpg). 
—MATTHEW MARTIN 


Mobile IPv6 with Linux 


Augmenting IP with movement awareness. 


Free software is freedom, and so is mobility. In an age of 
embedded devices, nomadic users and omnipresent wireless 
connectivity, augmenting the venerable Internet Protocol (IP) 
with movement awareness and adaptability is due. IP’s founding 
architects designed it with the assumption that the Internet 
node is static. This simplified the design by enabling a single 
field, the IP address, to signify both location and identity. A 
sending machine refers to a receiving one by the IP address 
(the identification role), and routers in the network use the IP 
address to direct traffic to the right path (the topological role). 
In this age of portability and nomadicity, this conflation of 
functions introduces a contradiction. For routing to do its job, 
the address needs to change according to the location; for the 
address to be used as an identifier, it must remain fixed. 

Mobile IP (MIP), an extension of IP, provides a solution for 
that problem. The Internet Engineering Task Force (IETF) has 
been actively developing MIP for both IPv4 and IPv6 since the 
1990s. The Mobile IPv6 (MIPv6) standard advanced from draft 
status to Proposed Standard (PS) status in 2004. Since then, 
optimizing and securing MIPv6 has become an active standard- 
ization and development area. A cost-effective, flexible and 
insightful vehicle for getting hands-on experience with MIPv6 
is to experiment with the Mobile IPv6 for Linux (MIPL) package 
that the Helsinki University of Technology (HUT) has been 
developing since 1999. 

The purpose of this article is to get you, the brave roamer, 
primed in MIPv6 by experimenting with MIPL. It assumes basic 
understanding of IPv6 and wireless LAN networking, and it 
consists of two parts: the first introduces MIPv6, and the 
second introduces MIPL. 


MIPv6 
IP mobility means the ability to handle movement gracefully. 
Movement, in the context of MIP, is an event or an operation 
that causes a machine to change its IP address. It is a move- 
ment from one IP subnet to another. Physical movement could 
cause it, but that isn’t the only way a machine could “move” 
in the context of MIP. At the same time, physical movement 
doesn’t necessarily translate to a network layer movement. 
Movement within a single wireless cell, for example, doesn’t 
cause a subnet change and, thus, isn't movement from MIP’s 
perspective. Movement is problematic for traditional IP. It 
forces a machine to change its IP address so as to belong 
to the new subnet to which it has just moved. Movement 
changes the machine's identification. It tears down TCP 
connections, such as Web-browsing sessions, because the IP 
address is one of the parameters that identifies a TCP connec- 
tion. This makes for a rough roaming experience, as sessions 
have to be re-established each time a handover happens. 

MIP deals with movement by decoupling identity from 
location. MIP provides each Mobile Node (MN) with two 
addresses: a permanent (long-term) address that embodies 
identity, called the Home Address (HoA), and a temporary 
(short-term) address that embodies location, called the Care-of 
Address (CoA). The HoA remains fixed, while the CoA freely 
changes according to the location of the node. MIP provides a 
mechanism to map between the two addresses dynamically. A 
moving machine (Mobile Node) changes its CoA each time it 
moves from one subnet to another, but it maintains its HoA 
and uses it to provide any node communicating with it, called 
a Correspondent Node (CN), with a stable destination address. 

The mapping between the HoA and the CoA is called bind- 
ing and is the central concept underlying MIP. The message 
that establishes the binding is called a Binding Update (BU). 
A table that tracks bindings is called a Binding Cache (BC). 
Sending Binding Updates and maintaining Binding Caches is 
the essence of MIP. All other aspects of the MIP protocol are 
to scale, secure, optimize and generally enhance the way 
bindings are established and used. 

To provide a concrete description of MIP, let's look at the 
interactions between the participants in MIP in its most basic 
mode of operation (without Route Optimization). At its home 
network (home link), the MN uses its address (the HoA) in the 
standard fashion. MIPv6 kicks in upon movement detection. 
When the MN notices that its current default router has disap- 
peared (it can no longer hear the router's advertisements) and 
that a new router is now chirping, it concludes that it has 
“moved” and uses the new prefix (subnet ID) to configure a 
new address (a new CoA) that belongs to the new subnet. It 
then sends a BU to a special router on the home link, called 
the Home Agent (HA), telling it that the HoA it “owns” is 
now bound to that new CoA. The HA records the mapping 
between the HoA and the CoA in its BC. Adding an entry to 
the BC is called registration. Traffic destined to the HoA, from 
any CN on the Internet, is routed to the home network 
because the HoA topologically belongs to it. There, the HA 
intercepts it and tunnels it to the MN’s CoA address registered 
in the BC. Return traffic is reverse tunneled from the MN back 
to the HA and then sent from the HA to the CN. This way, the 
MN becomes always addressable by its HoA. 
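
The registration logic described above, modelled in Python as an added example (not code from MIPL or from the original article): a Home Agent Binding Cache that accepts or rejects Binding Updates using RFC 3775's modulo-2^16 sequence comparison and 4-second lifetime units. The class, function and constant names are assumptions made for illustration; the addresses are the ones this article uses in its lab setup.

```python
import ipaddress
from dataclasses import dataclass

# Binding Acknowledgement status codes defined in RFC 3775
BA_ACCEPTED = 0
BA_NOT_HOME_SUBNET = 132
BA_SEQ_OUT_OF_WINDOW = 135


def norm(addr):
    """Canonical text form of an IPv6 address (illustrative helper)."""
    return str(ipaddress.IPv6Address(addr))


def seq_is_newer(new, last):
    """RFC 3775 modulo-2**16 comparison.

    `new` counts as old when it equals `last` or is one of the 32768
    values preceding it; anything else is newer, so the counter may wrap.
    """
    return 1 <= ((new - last) & 0xFFFF) <= 0x7FFF


@dataclass
class Binding:
    coa: str        # Care-of Address currently registered
    seq: int        # sequence number of the last accepted BU
    lifetime: int   # granted lifetime in seconds


class HomeAgent:
    """Hypothetical model of an HA: one Binding Cache for one home prefix."""

    def __init__(self, home_prefix):
        self.home_prefix = ipaddress.IPv6Network(home_prefix)
        self.cache = {}                      # HoA -> Binding

    def binding_update(self, hoa, coa, seq, lifetime_units):
        """Process a home-registration BU and return the BA status code."""
        hoa, coa = norm(hoa), norm(coa)
        if ipaddress.IPv6Address(hoa) not in self.home_prefix:
            return BA_NOT_HOME_SUBNET
        current = self.cache.get(hoa)
        if current is not None and not seq_is_newer(seq, current.seq):
            return BA_SEQ_OUT_OF_WINDOW
        if lifetime_units == 0 or coa == hoa:
            self.cache.pop(hoa, None)        # deregistration: the MN is home
        else:
            # The Lifetime field counts units of 4 seconds.
            self.cache[hoa] = Binding(coa, seq, lifetime_units * 4)
        return BA_ACCEPTED

    def forward(self, dst):
        """Where the HA sends a packet addressed to dst."""
        binding = self.cache.get(norm(dst))
        if binding is None:
            return ("deliver-on-home-link", norm(dst))
        return ("tunnel-to-coa", binding.coa)


def demo():
    """Replay three BUs against the lab's home prefix and collect the statuses."""
    ha = HomeAgent("2001:db8::/64")
    hoa = "2001:db8::beef"
    coa = "2001:db8:1:0:205:5dff:fef2:db2b"
    results = [
        ha.binding_update(hoa, coa, 54814, 0xFFFF),      # registration
        ha.binding_update(hoa, coa, 54814, 0xFFFF),      # same BU seen again
        ha.binding_update("2001:db8:2::1", coa, 1, 10),  # HoA not on home link
    ]
    return ha, results


if __name__ == "__main__":
    agent, statuses = demo()
    print(statuses, agent.forward("2001:db8::beef"))
```

The sequence check only orders updates; it does not authenticate the sender, which is what the IPsec protection left disabled in this lab setup is for.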


MIPL 

MIPL consists of two components: a kernel-space component, 
in the form of a kernel patch, and a user-space component, in 
the form of a Mobility Daemon (mip6d). The daemon imple- 
ments most of the functionality. It discovers location, detects 
movement, sends and processes BUs and maintains the BC. 
The MIPL patch provides the kernel support required for the 
daemon to perform those functions. The MIPL patch adds, for 
example, support for the Mobility Header protocol (MH), 
which is the IPv6 extension header that transports BUs and 
Binding Acknowledgments (BAs) and other binding-related 
messages. In addition to the MIPL package, we'll need to 
install the Router Advertisement Daemon (radvd), as MIPv6 
relies on the auto-configuration provided by router advertise- 
ments to detect movement and configure CoA addresses 
among other mobility-related tasks. 

To explore the basic operation of MIPv6, let’s use MIPL to 
create a simple MIP network consisting of two MIPL-patched 
Linux machines: a router, called denali, and a laptop, called 
raven. The laptop is a typical x86 machine that has a single 
802.11b wireless interface and will be our MN. The router is a 
fanless, headless, single-board computer (Soekris Net4521) 
that has two 802.11b wireless interfaces, each hosting a 
different wireless network (ESS/Extended Service Set) and a 
different subnet. One router interface will be acting as the 
HA, and the other will be acting as a visited (foreign) network. 


Figure 1 shows the two machines used, and Figure 2 shows 
the logical setup. 


Figure 1. Mobile Node Laptop and Its Home Agent on Top of It 


[Figure 2 diagram: the Home Agent (HA), denali, has interface wlan0 on 
2001:db8::/64 and interface wlan1 on 2001:db8:1::/64 (remote). The 
Mobile Node (MN) has interface wlan0 with address 
2001:db8::205:5dff:fef2:db2b/64 and Home Address 2001:db8::beef/64, 
plus the tunnel interface ip6tnl1.] 


Figure 2. The MN on the Home Link (before Moving) 

For simplicity, let's leave out advanced configurations, such 
as IP Security (IPsec) and Route Optimization (RO), and establish 
only the most basic MIP setup. We'll not use a standalone CN. 


Installation—Kernel-Space 

Installing the kernel part of MIPL for both the HA and the MN 
is exactly the same. First, download the kernel source tree 
against which the latest MIPL patch was taken (2.6.16, in my 
case), and patch it with the MIPL patch (version 2.0.2, in my 
case). Configure the kernel with the features needed for each 
machine, ensuring that the following configuration features 
are included (the script chkconf_kernel.sh, included in the 
MIPL user space tarball, can do the checking for you): 


■ NET_KEY, NET_KEY_MIGRATE, XFRM, XFRM_USER and 
XFRM_ENHANCEMENT: those add Internet Key Exchange 
(IKE) support that is needed for dynamically configuring 
IPsec. IPsec can be used optionally to secure MIPv6. 


■ IPV6_MIP6: this adds support for the Mobility Header (MH) 
protocol and the other IPv6 protocol extension headers 
MIPv6 demands. 


■ IPV6_ADVANCED_ROUTER: this enables the selection of 
advanced routing capabilities, such as policy routing. 


■ IPV6_MULTIPLE_TABLES: this adds support for policy routing, 
an advanced routing feature that enables routing based on 
fields other than the destination address. 


■ IPV6_SUBTREES: this adds source routing support, which is 
needed for sending traffic directly to the Mobile Node 
(without passing through the Home Network) when MIP is 
operating in the Route Optimization (RO) mode. 


■ IPV6_TUNNEL: IPv6 in IPv6 tunnel, which is needed for the 
HA to MN communication. 


Build, install and reboot into the new kernel: 


[raven]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.16.tar.bz2 && 
tar -jxf linux-2.6.16.tar.bz2 && 
gzip -d mipv6-2.0.2-linux-2.6.16.patch.gz && 
cd linux-2.6.16 && patch -p1 < ../mipv6-2.0.2-linux-2.6.16.patch && 
make menuconfig 

[raven]# make && make install 


Installation—User-Space 

To build the Mobility Daemon, follow the steps you would do 
for any autotools built package: unzip, untar, cd to the directory 
of the package, ./configure, make and then make install 
(read the included INSTALL document for the details). Follow 
the same procedure for building and installing the Router 
Advertisement Daemon, radvd. With that finished, you should 
have both MIPL components (kernel and user-space) and radvd 
installed, and you now are ready to start configuring. 


Configuration 

To start off simply, let's begin without Route Optimization (RO), 
without IPsec and with a manually configured HA address in 
the MN. Once we have the basic setup working, we can 
enhance and expand it incrementally. Keep in mind that in the 
real world, like on the Internet or in enterprise networks, RO 
and IPsec are essential. In production networks, you also might 
desire other extensions, such as Fast Mobile IPv6 (FMIPv6) or 
Hierarchical Mobile IPv6 (HMIPv6), although those aren't 
implemented by MIPL. 


Let's configure local parameters first, then Layer 2 parameters 
and finally Layer 3 parameters. 

First, let’s do the Home Agent configuration (denali), Host 
State (sysctl). At the outset, we need to put the HA in the right 
state of mind and configure the HA machine to operate as a 
router, so we need to turn on packet forwarding. We'll do this 
by setting the variable /proc/sys/net/ipv6/conf/all/forwarding, 
using one of the following two commands: 


[denali]# echo "1" > /proc/sys/net/ipv6/conf/all/forwarding 
[denali]# sysctl -w net.ipv6.conf.all.forwarding=1 


You could make those settings permanent across reboots 
by editing /etc/sysctl.conf. 

Now, let's configure Layer 2 (the Data Link Layer) parameters 
(Listing 1). We'll assign each wireless interface a different 
wireless network ID (ESSID) and sufficiently space their frequency 
channels apart to avoid inter-cell interference. 


Listing 1. Configuring the Data Link Layer—Home Agent 


[denali]# iwconfig wlan0 essid "home" channel 3 
[denali]# iwconfig wlan1 essid "remote" channel 8 

[denali]# iwconfig wlan0 ; iwconfig wlan1 
wlan0     IEEE 802.11b ESSID:"home" 
          Mode:Master Frequency:2.422 GHz Access Point: 00:02:6F:06:0B:CF 
          Bit Rate:11 Mb/s Sensitivity=1/3 
          Retry min limit:8 RTS thr:off Fragment thr:off 
          Encryption key:off 
          Power Management:off 
          Link Quality:0 Signal level:0 Noise level:0 
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 
          Tx excessive retries:97 Invalid misc:342 Missed beacon:0 

wlan1     IEEE 802.11b ESSID:"remote" 
          Mode:Master Frequency:2.447 GHz Access Point: 00:02:6F:06:46:10 
          Bit Rate:11 Mb/s Sensitivity=1/3 
          Retry min limit:8 RTS thr:off Fragment thr:off 
          Encryption key:off 
          Power Management:off 
          Link Quality:0 Signal level:0 Noise level:0 
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 
          Tx excessive retries:10 Invalid misc:6767 Missed beacon:0 


Our next step is to configure the Layer 3 (Network 
Layer) parameters. This includes addressing, configuring 
the Router Advertisement Daemon and configuring the 
Mobility Daemon. To configure addressing, use the commands 
shown in Listing 2. 

To configure router advertisements, edit the /etc/radvd.conf 
file, as shown here: 


interface wlan0 
{ 
    AdvSendAdvert on; 
    AdvIntervalOpt on; 

    MaxRtrAdvInterval 10; 
    MinRtrAdvInterval 1; 
    MinDelayBetweenRAs 1; 
    AdvHomeAgentFlag on; 
    prefix 2001:db8::/64 
    { 
        AdvOnLink on; 
        AdvAutonomous on; 
        AdvRouterAddr on; 
    }; 
}; 

interface wlan1 
{ 
    AdvSendAdvert on; 
    AdvIntervalOpt on; 
    MaxRtrAdvInterval 10; 
    MinRtrAdvInterval 1; 
    MinDelayBetweenRAs 1; 
    AdvHomeAgentFlag off; 
    prefix 2001:db8:1::/64 
    { 
        AdvOnLink on; 
        AdvAutonomous on; 
        AdvRouterAddr on; 
    }; 
}; 


In the stanza pertaining to wlan0, you 
can see that we have enabled router 
advertisements on the interface by setting 
AdvSendAdvert. We also have configured 
the interface to operate as an HA by 
setting AdvHomeAgentFlag. The other 
wireless interface, wlan1, is configured 
similarly, except that AdvHomeAgentFlag 
isn't set. Note that the more frequent 
router advertisements are, the faster 
movement can be detected, but they 
generate more overhead. 




Now launch the router advertisement daemon, 
radvd: 


[denali]# radvd -C /etc/radvd.conf 


Listing 2. Configuring the Network Layer Parameters—Home Agent 


[denali]# ifconfig wlan0 inet6 add 2001:db8::/64 
[denali]# ifconfig wlan1 inet6 add 2001:db8:1::/64 

[denali]# ifconfig wlan0 ; ifconfig wlan1 
wlan0     Link encap:Ethernet HWaddr 00:02:6F:06:0B:CF 
          inet6 addr: 2001:db8::/64 Scope:Global 
          inet6 addr: fe80::202:6fff:fe06:bcf/64 Scope:Link 
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
          RX packets:0 errors:0 dropped:205 overruns: frame:0 
          TX packets:204 errors:0 dropped:0 overruns:0 carrier: 
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b) TX bytes:27604 (26.9 Kb) 
          Interrupt:11 Base address:0x100 

wlan1     Link encap:Ethernet HWaddr 00:02:6F:06:46:10 
          inet6 addr: 2001:db8:1::/64 Scope:Global 
          inet6 addr: fe80::202:6fff:fe06:4610/64 Scope:Link 
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
          RX packets:0 errors:0 dropped:64 overruns:0 frame:0 
          TX packets:207 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b) TX bytes:28068 (27.4 Kb) 
          Interrupt:11 Base address:0x140 


To configure the Mobility Daemon, we need to 
edit the /etc/mip6d.conf file, as follows: 


NodeConfig HA; 
## If set to > 0, will not detach from tty 
DebugLevel 0; 
## List of interfaces where we serve as Home Agent 
Interface "wlan0"; 
UseMnHaIPsec disabled; 


Notice that we merely indicated that the machine 
is an HA and specified the interface that will be 
operating as an HA. By launching the Mobility Daemon, 
the router is set to fulfill its duty as a faithful HA: 


[denali]# mip6d -c /etc/mip6d.conf -d 7 


Now, let’s move on to the Mobile Node 
Configuration (raven), Host State (sysctl). Just as 
with the HA, we'll start by establishing the mindset 
of the MN. First, we must configure the MN to 
accept Router Advertisements (RAs) to be able to 
configure a CoA and discover and track default routers 
on the link automatically: 


[raven]# echo "1" > /proc/sys/net/ipv6/conf/all/accept_ra 
[raven]# sysctl -w net.ipv6.conf.all.accept_ra=1 


To make the changes permanent across reboots, edit 
/etc/sysctl.conf. 

Next, let's configure Layer 2 parameters. We'll configure 
the MN as a wireless client (a managed wireless node) of the 
Home network: 


[raven]# iwconfig wlan0 mode managed essid "home" 
[raven]# iwconfig wlan0 
wlan0     IEEE 802.11b ESSID:"home" 
          Mode:Managed Frequency:2.422 GHz Access Point: 00:02:6F:06:0B:CF 
          Bit Rate:11 Mb/s Sensitivity=1/3 
          Retry min limit:8 RTS thr:off Fragment thr:off 
          Encryption key:off 
          Power Management:off 
          Link Quality=48/92 Signal level=-63 dBm Noise level=-100 dBm 
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 
          Tx excessive retries:0 Invalid misc:175 Missed beacon:0 


And, finally, let's configure Layer 3 parameters. We'll start 
by assigning the HoA to the wireless interface: 


[raven]# ifconfig wlan0 inet6 add 2001:db8::beef/64 
[raven]# ifconfig wlan0 ; ifconfig ip6tnl1 
wlan0     Link encap:Ethernet HWaddr 00:05:5D:F2:DB:2B 
          inet6 addr: 2001:db8::beef/64 Scope:Global 
          inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link 
          inet6 addr: 2001:db8::205:5dff:fef2:db2b/64 Scope:Global 
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 
          RX packets:141 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:51 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:0 
          RX bytes:16094 (15.7 Kb) TX bytes:5592 (5.4 Kb) 
          Interrupt:17 Base address:0x2100 

ip6tnl1   Link encap:UNSPEC 
          HWaddr 20-01-0D-B8-00-00-00-00-00-00-00-00-00-00-00-00 
          inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link 
          UP POINTOPOINT RUNNING NOARP MTU:1460 Metric:1 
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) 

On the MN, an automatically created tunnel interface, 
called ip6tnl1 (IPv6 Tunnel 1), represents the tunneling process 
described above. This interface claims no global addresses 
when the MN is in the Home network and assumes the 
HoA when the MN is away. 

The primary mobility configuration 
parameters are the Home Address (HoA) and 
the Home Agent (HA) address. To configure 
them, we need to edit the /etc/mip6d.conf 
file as follows: 


NodeConfig MN; 
DebugLevel 7; 

UseMnHaIPsec disabled; 
DoRouteOptimizationMN disabled; 
DoRouteOptimizationCN disabled; 

Interface "wlan0"; 

MnHomeLink "wlan0" { 
    HomeAddress 2001:db8::beef/64; 
    HomeAgentAddress 2001:db8::; 
} 


Operation 

Now the scene is complete, and we can start 
experimenting with mobility. Before we start, 
remember the following about MIP: movement 
detection is the trigger; binding updating (regis- 
tration) is the action. We'll start by letting the 
MN move, then check whether movement was 
detected. Upon witnessing movement detec- 
tion, we'll check whether a BU was established 
successfully. Figure 2 shows the network's state 
before moving. To simulate movement, we use 
iwconfig to switch the MN's wireless interface 
from one ESS (wireless cell) to another: 


[raven]# iwconfig wlan0 essid "remote" 


Upon moving, the wireless interface should 
acquire a new address, and a new default gateway should 
appear (Listing 3). 


Using a packet capturing tool (sniffer), such as tcpdump, 
we should see a different router appearing on the link. The 
Mobility Daemon log messages should indicate movement 
detection (md in the logs stands for movement detection). 
Now that the MN has detected movement and acquired a new 
CoA address, it should send a BU to its HA. A sniffer should 


be able to display the BU message as: 


IP6 2001:db8:1:0:205:5dff:fef2:db2b > 2001:db8::: 
    DSTOPT mobility: BU seq#=54814 AH lifetime=262140 
IP6 2001:db8:: > 2001:db8:1:0:205:5dff:fef2:db2b: srcrt 
    (len=2, type=2, segleft=1, [0]2001:db8::beef) 
    mobility: BA status=0 seq#=54814 lifetime=262140 
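
The two messages in the capture above, decoded from their on-the-wire layout in an added Python example (not code from MIPL, tcpdump or the original article): it parses the RFC 3775 Mobility Header of a BU and a BA and checks that the acknowledgement matches the request. The byte strings are constructed to match the captured values, with zeroed placeholder checksums, and all function and constant names are assumptions.

```python
import struct

MH_BU, MH_BA = 5, 6                      # Mobility Header types (RFC 3775)
BU_FLAGS = ((0x8000, "A"), (0x4000, "H"), (0x2000, "L"), (0x1000, "K"))

# Constructed samples: seq 54814, flags A+H, lifetime 65535 units.
# Layout: proto/len/type/reserved, checksum (zeroed placeholder),
# message data, then a 4-octet PadN option to reach 16 octets.
SAMPLE_BU = bytes.fromhex("3b010500" "0000" "d61e" "c000" "ffff" "01020000")
SAMPLE_BA = bytes.fromhex("3b010600" "0000" "00" "00" "d61e" "ffff" "01020000")


def parse_mobility_header(data):
    """Decode the fixed part of a Binding Update or Binding Acknowledgement."""
    if len(data) < 8:
        raise ValueError("Mobility Header is at least 8 octets long")
    payload_proto, hdr_len, mh_type, _rsvd, checksum = struct.unpack_from(
        "!BBBBH", data)
    total = (hdr_len + 1) * 8            # Header Len excludes the first 8 octets
    if len(data) < total:
        raise ValueError("truncated: header claims %d octets, got %d"
                         % (total, len(data)))
    body = data[6:total]
    if mh_type in (MH_BU, MH_BA) and len(body) < 6:
        raise ValueError("message data too short for a BU or BA")
    msg = {"payload_proto": payload_proto, "checksum": checksum,
           "length": total}
    if mh_type == MH_BU:
        seq, flags, lifetime = struct.unpack_from("!HHH", body)
        msg.update(type="BU", seq=seq, lifetime=lifetime * 4,   # 4-second units
                   flags="".join(n for bit, n in BU_FLAGS if flags & bit))
    elif mh_type == MH_BA:
        status, _k, seq, lifetime = struct.unpack_from("!BBHH", body)
        msg.update(type="BA", status=status, seq=seq, lifetime=lifetime * 4)
    else:
        msg.update(type="other(%d)" % mh_type)
    return msg


def check_home_registration(bu, ba):
    """Return a list of problems found in a BU/BA exchange (empty if none)."""
    if bu.get("type") != "BU" or ba.get("type") != "BA":
        return ["not a BU/BA pair"]
    findings = []
    if not {"A", "H"} <= set(bu["flags"]):
        findings.append("home registration BU must set both A and H")
    if ba["seq"] != bu["seq"]:
        findings.append("BA sequence number does not match the BU")
    if ba["status"] >= 128:              # values below 128 mean accepted
        findings.append("binding rejected, status %d" % ba["status"])
    if ba["lifetime"] > bu["lifetime"]:
        findings.append("BA grants a longer lifetime than requested")
    return findings


def summarize(msg):
    """One-line rendering similar to the sniffer output above."""
    if msg["type"] == "BU":
        return "BU seq#=%(seq)d %(flags)s lifetime=%(lifetime)d" % msg
    if msg["type"] == "BA":
        return "BA status=%(status)d seq#=%(seq)d lifetime=%(lifetime)d" % msg
    return msg["type"]


if __name__ == "__main__":
    bu = parse_mobility_header(SAMPLE_BU)
    ba = parse_mobility_header(SAMPLE_BA)
    print(summarize(bu))
    print(summarize(ba))
    print(check_home_registration(bu, ba) or "exchange is consistent")
```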


Listing 3. Moving 


... Before Moving (At the Home Network) 

[raven]# iwconfig wlan0 | grep ESSID 
wlan0     IEEE 802.11b ESSID:"home" 
[raven]# ifconfig wlan0 | grep inet6 
          inet6 addr: 2001:db8::beef/64 Scope:Global 
          inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link 
          inet6 addr: 2001:db8::205:5dff:fef2:db2b/64 Scope:Global 
[raven]# ifconfig ip6tnl1 | grep inet6 
          inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link 
[raven]# route -A inet6 | grep ::/0 
::/0 fe80::202:6fff:fe06:bcf 
    UGDA 1024 0 0 wlan0 


... Triggering Movement ... 

[raven]# iwconfig wlan0 essid remote 


... After Moving (At the Foreign Network) 

[raven]# iwconfig wlan0 | grep ESSID 
wlan0     IEEE 802.11b ESSID:"remote" 
[raven]# ifconfig wlan0 | grep inet6 
          inet6 addr: 2001:db8:1:0:205:5dff:fef2:db2b/64 Scope:Global 
          inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link 
[raven]# ifconfig ip6tnl1 | grep inet6 
          inet6 addr: 2001:db8::beef/128 Scope:Global 
          inet6 addr: fe80::205:5dff:fef2:db2b/64 Scope:Link 
[raven]# route -A inet6 | grep ::/0 
::/0 
    U 128 0 0 ip6tnl1 
::/0 fe80::202:6fff:fe06:4610 
    UGDA 1024 4 2 wlan0 
[raven]# 


In addition, the Mobility Daemon should have a BU List 
Entry (BULE) that shows the HoA, CoA and HA addresses: 


[raven]# telnet localhost 7777 
Trying 127.0.0.1... 
Connected to localhost. 
Escape character is '^]'. 
mip6d> bul 
mip6d> bul 
== BUL_ENTRY == 
Home address 2001:db8:0:0:0:0:0:beef 
Care-of address 2001:db8:1:0:205:5dff:fef2:db2b 
CN address 2001:db8:0:0:0:0:0:0 
lifetime = 262140, delay = 249033000 
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK 
ack ready 
dev wlan0 last_coa 2001:db8:1:0:205:5dff:fef2:db2b 
lifetime 262136 / 262140 seq 19428 resend 0 delay 
    249033(after 249030s) expires 262136 
mps 2 / 3 
mip6d> 


We can see whether the BU was received and accepted 
by looking at the HA’s Mobility Daemon log messages and by 
displaying the HA’s BC: 


[denali]# telnet localhost 7777 
mip6d> bc 
mip6d> bc 
hoa 2001:db8:0:0:0:0:0:beef status registered 
coa 2001:db8:1:0:205:5dff:fef2:db2b flags AH-- 
local 2001:db8:0:0:0:0:0:0 
lifetime 262068 / 262140 seq 19429 unreach 0 
    mpa 13133 / 13221 retry 0 
mip6d> 


As shown above, the Mobility Daemon provides a virtual 
terminal interface to its internal data structures that you can 
access by establishing a Telnet session to port 7777. Figure 3 
shows the network's state after moving. 


Figure 3. The MN on the Remote Link (after Moving) 


Testing 

We can’t conclude a networking experiment without some 
action from our old crony ping. From the MN, we'll start by 
sending ping requests to the HA interface, while the MN is on 
the home link. We'll then move and see what happens. This 
exercise is shown as follows: 


[raven]# ping6 2001:db8:: 


64 bytes from 2001:db8::: icmp_seq=7 ttl=64 time=3.72 ms 
64 bytes from 2001:db8::: icmp_seq=8 ttl=64 time=3.70 ms 
ping: sendmsg: Invalid argument 

ping: sendmsg: Invalid argument 

ping: sendmsg: Invalid argument 

ping: sendmsg: Operation not permitted 

64 bytes from 2001:db8::: icmp_seq=13 ttl=63 time=142 ms 
64 bytes from 2001:db8::: icmp_seq=14 ttl=63 time=122 ms 


Note that in responding to ping requests, the HA interface 
is actually acting as a CN. Note how, upon the handover, the 
MN loses connectivity for some time, called the handover 
latency, and then re-establishes it. Note also how the delay 
increases tremendously as the MN moves. 

A more interesting test is to use a program that sends 
video like VLC or GnomeMeeting and visually assess how 
smooth the handover is. Although the ultimate goal of 
MIPv6 is to achieve smooth and lossless handover, in reality, 
there is a blackout period during which packets are lost 
or delayed. Much of the effort put into developing and 
standardizing MIPv6 is to enhance the smoothness of the 
handover and ultimately achieve seamless handover. As 
with any other technology, realizing the limitations is as 
crucial as recognizing the value. 


Conclusion 

The Internet Protocol merged nets into the global metanet 
we call the Internet. IP provided connectivity that is 
independent of the underlying hardware and the served 
applications. The homogeneous addressing of IP and its 
simplicity enabled it to scale. MIP’s goal is to bring to 
mobility the merits IP brought to connectivity. This means 
mobility that can scale to the size of the Internet, is appli- 
cation-independent and is available across heterogeneous 
wired and wireless access technologies. MIPL provides a 
free and flexible platform for you to participate in pursuing 
that vision. Happy and seamless roaming! 


Salah M. S. Al-Buraiky is a communication engineer working for the Data Network Engineering 
Division (DNED) of Saudi Aramco. His interests include UNIX systems and datagram networks. He 
is particularly interested in “beyond connectivity services”, such as multicast, mobility, quality of 
service and IP security. He welcomes your comments at salah.buraiky.1@aramco.com. 


RFC 3775, Mobility Support in IPv6 (the Base MIPv6 
Standard): www.ietf.org/rfc/rfc3775.txt 


RFC 3849, IPv6 Address Prefix Reserved for Documentation: 
www.ietf.org/rfc/rfc3849.txt 


MIPL Home Page: www.mobile-ipv6.org 


Linux MIPv6 HOWTO: 
tldp.org/HOWTO/Mobile-IPv6-HOWTO 


Peter Bieringer’s Linux IPv6 HOWTO: 
ldp.linux.no/HOWTO/Linux_IPv6-HOWTO 


Linux IPv6 Router Advertisement Daemon (radvd): 
www.litech.org/radvd 


Updated, but Not Finalized, Linux MIPv6 HOWTO: 
gnist.org/~lars/doc/Mobile-IPv6-HOWTO/ 
Mobile-IPv6-HOWTO.html 


Linux Kernel Archives: www.kernel.org 


Sysctl Documentation: /usr/src/linux-2.6.16/Documentation/ 
networking/ip-sysctl.txt in the kernel source tree 


The Multiple Play 


Why “triple play” is an obsolete telecom offering. DOC SEARLS 


Telephony, our theme this month, used to 
be a standalone utility. You got it from the 
phone company. The same went for cable 
TV. You got that from the cable company. 
Both were service monopolies—utilities, 
essentially. If you wanted something fixed, 
you called your sole provider, just like you 
called the water, gas or electric company. 

But, the Internet was different. The first 
ISPs piggybacked their Net connections 
over phone lines. They'd install banks of 
modems to call or rent a T1 or a T3 line 
from a telco or somebody with a “backbone” 
connection and sell hunks of bandwidth 
on those. Now much of that old 
intermediation is gone, and most of us see 
the Net as something we get from the 
phone or cable company. 

As hot as the Internet is, and as important 
as it has become to nearly every activity 
you can name (business, medicine, education, 
science, culture and so on), the telcos 
and cablecos treat it as a third-banana service 
behind telephony and television. When 
they bundle all three together, they call it 
triple play. And the Internet comes third. 

In one of our features this month (see 
page 42), Bob Frankston talks about 
moving entirely past games like these. 
But, what to do in the meantime if we 
do want to play? Here near Boston, I have 
my own triple play of carrier choices: 
Comcast, RCN and Verizon. Out on the 
poles, Comcast wiring is coax. RCN and 
Verizon both deploy fiber-optic cabling. 
Sounds like an ideal competitive environment, 
right? Well, not quite. 

At my elbow is the latest mailer from 
Comcast, a cable company. It pitches 
“Digital Cable + Phone + Internet”. 

For the third item, it offers “Comcast 
High-Speed Internet with PowerBoost”. 
Bandwidth is “up to 12Mbps!” No mention 
of upstream speed. 

The next two mailers are from RCN. 
The first came just before the Super Bowl. 
RCN, which brags that it has been “all 
fiber optic for over a decade”, just pitches 
cable TV with this one—$35 for 12 
months. There's nothing about Internet at 
all. The second mailer pitches “10Mbps 
Blazing-Fast High-Speed Internet” and 
“100% Digital Cable TV”. Again, no 
upstream speed. 

I don’t use either one of them, though I 
checked both out when we started renting 
here last September. The main thing I care 
about is Internet connectivity, and for that, 
neither Comcast nor RCN competed with 
Verizon's fiber-optic FiOS. So Verizon got my 
business. From FiOS, I’m getting 20Mbps 
down and 5Mbps up. The best RCN could 
do on the upstream side (which mattered 
most to me) was 2Mbps. Comcast didn't 
even say what its upstream speed was. (I just 
checked again on-line, and it still doesn’t.) 

What's amazing to me is that Greater 
Boston—specifically in the areas served by 
Verizon with FiOS and RCN with its fiber 
cabling—is thick with people like Bob and 
myself, who care far more about Internet 
connectivity than about TV or landline 
telephone. We have lots of tech and creative 
folks around here, in addition to the 
thickest concentration of educational 
institutions in the country, if not the 
world. Couldn't these carriers bother to 
customize better Internet offerings for a 
Net-savvy (and -hungry) local population? 

I guess they don’t have to. Even with 
three competitors, there seems to be enough 
business to go around. They aren't ready to 
abandon the scaled efficiencies of offering 
the same thing to everybody, across the 
whole country. And, as Bob points out, the 
flywheels of Business As Usual at telcos still 
spin on momentum imparted by railroads in 
the Victorian Age. 

But, unlike Bob, I have some hope for 
them. The time will come when the 
workarounds that Bob's talking about— 
especially from folks such as Linux Journal 
readers—will have the carriers looking for 
ways to make money other than by tiered 
pricing for usage alone. 

Is low-latency to servers an advantage? 
One can imagine applications where it 
would be. Well, these incumbent carriers 
not only have home connections, but also 
local real-estate holdings. They could provide 
Akamai-like low-latency Web services—or 
partner with the likes of Akamai to provide 
them. They could partner with Amazon's 
S3 and EC2 (both Linux-based) to offer 
local storage and compute back end. 

Offsite backup is going to be a huge 
necessity and, therefore, a cause for 
business offerings. Think about what will 
happen as soon as ordinary folks start 
demanding, shooting and cooperatively 
editing truly high-definition video. 
Storage, mirroring and the rest of it will 
all be helpful, if not required. 

Of course, the amount of business to be 
had here will increase with the openness of 
the Net itself. Today's crippled and asym- 
metrical throughput, based on the one-way 
model of television viewing, is a bug that 
needs to be squashed. So does the practice 
of blocking port 80 and otherwise prevent- 
ing or discouraging Web servers at homes 
and businesses. When that happens, every 
customer, every user, becomes a potential 
partner. By necessity. 

There is no limit to how many multi- 
ples of the current triple play will be made 
possible by a wide-open and free Internet. 
Here's hoping the carriers see that before 
they die under the rubble of their own 
fallen silos. 


Doc Searls is Senior Editor of Linux Journal. He is also a 
Visiting Scholar at the University of California at Santa Barbara 
and a Fellow with the Berkman Center for Internet and Society 
at Harvard University. 

